From Adobe ColdFusion 11 Security Technical Implementation Guide
Part of SRG-APP-000267-AS-000170
Associated with: CCI-001314
If the application provides too much information in error logs and administrative messages to the screen, this could lead to compromise. The structure and content of error messages need to be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.
Within the Administrator Console, navigate to the "User Manager" page under the "Security" menu. Review each defined user and ask the SA if the user should have access to read error messages. For each user that should not be able to read error messages, review the roles assigned to the user account. If any user has the Debugging and Logging>Logging role that should not be able to read error messages, this is a finding.
Navigate to the "User Manager" page under the "Security" menu. Remove the "Debugging and Logging>Logging" role from each user that should not have access to read error messages.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer