We're updating the issue view to help you get more done. 

Refresh any salt values when deploying a new CF engine.

Description

CF engines have salt values to ensure strong encryption and hashing that is unique per installation. Having all CommandBox servers deploy the same CFengine with the same salt defeats this purpose. Modify out CF Engines to omit any salts so they start up fresh. Lucee and Adobe will auto-create fresh salt values.

Files include:

  • Remove WEB-INF/cfusion/lib/seed.properties in ACF 2016+

  • ACF's WEB-INF/cfusion/lib/neo-security.xml (Remove admin.userid.root.salt setting)

  • Reset RDS password to blank (denies access) and reset admin password to "commandbox" and set encrypted flag to false in WEB-INF/cfusion/lib/password.properties

  • Remove Lucee server and web context admin password salt This isn't necessary on a stock Lucee war as these files don't exist yet.

Status

Assignee

Jon Clausen

Reporter

Brad Wood

Labels

None

Components

Fix versions

Priority

Major