Details

      Description

      CF engines have salt values to ensure strong encryption and hashing that is unique per installation. Having all CommandBox servers deploy the same CFengine with the same salt defeats this purpose. Modify out CF Engines to omit any salts so they start up fresh. Lucee and Adobe will auto-create fresh salt values.

      Files include:

      • Remove WEB-INF/cfusion/lib/seed.properties in ACF 2016+
      • ACF's WEB-INF/cfusion/lib/neo-security.xml (Remove admin.userid.root.salt setting)
      • Reset RDS password to blank (denies access) and reset admin password to "commandbox" and set encrypted flag to false in WEB-INF/cfusion/lib/password.properties
      • Remove Lucee server and web context admin password salt This isn't necessary on a stock Lucee war as these files don't exist yet.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                JClausen Jon Clausen
                Reporter:
                bradwood Brad Wood
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: