ColdFusion Font Management with a non-administrative account - McMap

About

ColdFusion Font Management with a non-administrative account

Asked 27/5, 2014 at 16:20 Answered 27/5, 2014 at 18:50

coldfusion cfadmin

C

1

6

In the interest of making my ColdFusion 9 server more secure, I recently changed the "Log On" account for the CF Application Service to a non-administrative account. Everything is working fine with one exception: Fonts are no longer available through the "Font Management" tools in CF Administrator. This came up because I use CFDocument to render .PDF files and with the non-admin account they went to using only Times New Roman as the font. I've made sure that the service account I created had Full Control rights to the Windows Font directory, and I even copied all the fonts to a non-Windows directory and tried to add them from there. In both cases, the fonts cannot be added using the Font Management tool and do not render in CFDocument. I get no error when attempting to add the fonts - just a blank screen. Only thing I can find in the logs is a reference to org/jpedal/exception/PDFFontException.

Anyone out there had experience using a non-admin account to run CF Application Server and what I need to do to get the fonts to work properly?

Cathrine answered 27/5, 2014 at 16:20 Comment(0)

P

0

Can you try giving permission to \ColdFusion9\wwwroot\CFIDE\administrator\settings or \ColdFusion9\wwwroot\CFIDE\administrator\settings\fonts.cfm?

Pskov answered 27/5, 2014 at 18:50 Comment(4)

as an Adobe support engineer for ColdFusion, you cannot seriously be telling this user that ColdFusion (all version) should always run under an Administrator Account can you? This is one of the first things you learn in order to secure a server - DO NOT RUN THE SERVICE UNDER AN ADMINISTRATIVE ACCOUNT. And an account having privileges equivalent to admin account is an administrator account. I had to re-read your post like five times to make sure I was reading it correctly. – Whittington 27/5, 2014 at 19:30

I'm pretty sure that advice directly contradicts the various ColdFusion Lockdown Guides. For security, you give the ColdFusion service account the least amount of access privileges necessary for it to do its job. – Savona 27/5, 2014 at 20:8

My bad. You are correct Miguel-F and Carl. It was a typo in copy/pasting. I edited my post. @Michael, can you try the suggestion mentioned. – Pskov 28/5, 2014 at 12:26

Since you removed the bit about running the ColdFusion service as an administrator account I have removed my down-vote. – Whittington 28/5, 2014 at 15:19

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.