6

In the interest of making my ColdFusion 9 server more secure, I recently changed the "Log On" account for the CF Application Service to a non-administrative account. Everything is working fine with one exception: Fonts are no longer available through the "Font Management" tools in CF Administrator. This came up because I use CFDocument to render .PDF files and with the non-admin account they went to using only Times New Roman as the font. I've made sure that the service account I created had Full Control rights to the Windows Font directory, and I even copied all the fonts to a non-Windows directory and tried to add them from there. In both cases, the fonts cannot be added using the Font Management tool and do not render in CFDocument. I get no error when attempting to add the fonts - just a blank screen. Only thing I can find in the logs is a reference to org/jpedal/exception/PDFFontException.

Anyone out there had experience using a non-admin account to run CF Application Server and what I need to do to get the fonts to work properly?

Fish Below the Ice

1 Answer

0

Can you try giving permission to \ColdFusion9\wwwroot\CFIDE\administrator\settings or \ColdFusion9\wwwroot\CFIDE\administrator\settings\fonts.cfm?

Fish Below the Ice
Anit Kumar
  • 3
    As an Adobe support engineer for ColdFusion, you cannot seriously be telling this user that _ColdFusion (all version) should always run under an Administrator Account_ can you? This is one of the first things you learn in order to secure a server - **DO NOT RUN THE SERVICE UNDER AN ADMINISTRATIVE ACCOUNT**. And an account _having privileges equivalent to admin account_ is an administrator account. I had to re-read your post like five times to make sure I was reading it correctly. – Miguel-F May 27 '14 at 19:30
  • 1
    I'm pretty sure that advice directly contradicts the various ColdFusion Lockdown Guides. For security, you give the ColdFusion service account the *least* amount of access privileges necessary for it to do its job. – Carl Von Stetten May 27 '14 at 20:08
  • My bad. You are correct Miguel-F and Carl. It was a typo in copy/pasting. I edited my post. @Michael, can you try the suggestion mentioned? – Anit Kumar May 28 '14 at 12:26
  • Since you removed the bit about running the ColdFusion service as an administrator account I have removed my down-vote. – Miguel-F May 28 '14 at 15:19
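
A read-only check for the setup discussed in this thread, added here as an example and not posted by any participant: it reports which account the service logs on as, warns if that account is a direct member of Administrators, and lists the ACL entries naming it on the font and settings directories. The service name and the `C:` drive letter are assumptions, and `Get-LocalGroupMember` needs Windows PowerShell 5.1 or later.

```powershell
# Added example, not from the original thread. Values marked "assumed" are placeholders.
param(
    [string]$ServiceName = 'ColdFusion 9 Application Server',   # assumed service name
    [string[]]$Paths = @(
        (Join-Path $env:WINDIR 'Fonts'),
        'C:\ColdFusion9\wwwroot\CFIDE\administrator\settings'    # assumed drive letter
    )
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }

# StartName looks like '.\cfservice', 'DOMAIN\cfservice' or 'LocalSystem'.
$account = $svc.StartName -replace '^\.\\', "$env:COMPUTERNAME\"
if ($account -eq 'LocalSystem') { $account = 'NT AUTHORITY\SYSTEM' }
$sid = ([System.Security.Principal.NTAccount]$account).Translate($sidType)
"Service '$ServiceName' logs on as $account ($sid)"

# S-1-5-32-544 is the well-known SID of the local Administrators group.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.SID.Value }
if ($admins -contains $sid.Value) {
    Write-Warning "$account is a direct member of the local Administrators group"
}

# Rights that go beyond reading files and traversing folders get flagged for review.
$readOnly = [int]([System.Security.AccessControl.FileSystemRights]'ReadAndExecute, Synchronize')

foreach ($p in $Paths) {
    if (-not (Test-Path -LiteralPath $p)) { Write-Warning "Missing: $p"; continue }
    # Ask for SIDs rather than names so the comparison does not depend on name format.
    $rules = (Get-Acl -LiteralPath $p).GetAccessRules($true, $true, $sidType)
    foreach ($ace in ($rules | Where-Object { $_.IdentityReference.Value -eq $sid.Value })) {
        [pscustomobject]@{
            Path       = $p
            Type       = $ace.AccessControlType
            Rights     = $ace.FileSystemRights
            Inherited  = $ace.IsInherited
            BeyondRead = ([int]$ace.FileSystemRights -band (-bnot $readOnly)) -ne 0
        }
    }
}
```

Only entries that name the account itself are listed; rights it receives through group membership (for example Users) do not appear, so an empty result does not mean the account has no access.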