ColdFusion Administrator Defualt Settings
By Pete Freitag
I just helped someone setup their ColdFusion adminstrator settings, there are a few things you probably don't want to leave defaulted, here's a list of some of the things I changed.
- Maximum number of simultaneous requests - this value was set to 100, though I don't think thats the default, typically the recommendation is number of CPU's times 3. But if you need high performance, you should load test for the optimal value.
- Turned off cache web server paths - since the server was going to host multiple web sites this needs to be off.
- Set Default SMTP Server
- Use a database for Client Variable Storage - you don't want to use the registry (the default), it will make your site slow.
- Set Min JVM Heap Size - if the server is only going to be used for CF, which this one was I set this value so the JVM doesn't have to spend a lot of time garbage collecting, and allocating memory for the heap. I set it to 128 on this server, which has 1GB of ram. For best performance (but slower startup time) you can even set this to be equal the max jvm heap size.
- Set Max JVM Heap - this is one setting you don't want to leave at the default (512 MB). I usually set it to around 75% of the total amount of memory on the server. If you only have 512MB of ram, and you leave this as the default, your server may use swap, and that will be slow. Also if you have 2GB of ram on your server, and you don't change this setting CF will never use more than the default 512MB.
- Turn off debugging, and remove debugging ip's - on production you should not have debugging turned on.
- Add Missing Template Handler - present a nice error when the page is not found.
- Add a Global Error Handler - I setup a template that will display a nice message to a user, and then email me the error message.
- Use UUID for cftoken - a bit more secure, harder to guess than the random number.
- Enable Whitespace Management - save some bandwidth, and make code a bit easier to read.
ColdFusion Administrator Defualt Settings was first published on March 31, 2005.
The Fixinator Code Security Scanner for ColdFusion & CFML is an easy to use security tool that every CF developer can use. It can also easily integrate into CI for automatic scanning on every commit.