Entries Tagged as 'ColdFusion Secure Profile'

With Update 14 for ColdFusion 10, Java 8 is supported.

If you are using ColdFusion Web services, you will have to make a one-time manual change.

Copy tools.jar manually from {JDK8_Home}/lib to {cf_install_home}/cfusion/lib/. ColdFusion Web Services will fail if this is not done. Only the JDK contains tools.jar; the JRE does not. You don't have to install the JDK on the machine where ColdFusion is installed. You can have just JRE 8 on that machine and get tools.jar from the JDK installation on any other machine.

Also make sure that the earlier stubs are cleared from {cf_install_home}/cfusion/stubs/ so that the newly compiled classes are picked up.

Originally, ColdFusion 10 shipped with JRE 1.6. With that build we released the tools.jar from JDK 1.6.

For Windows there was a refreshed installer release. The JRE included with it was 1.7, so we shipped the tools.jar from JDK 1.7.

Since, we are not releasing new installers and still if you want ColdFusion to run on jre 1.8.

Unless you want Web services, you do not have to update it.

We have not shipped this through the updater because it could break things for existing users who haven't upgraded their JRE.

About Secure Profile

In ColdFusion 10, the “Secure Profile” feature was added. It can be enabled at the time of installation and helps configure some of the important settings for securing the server. Choosing this option is highly recommended for production servers. Complete details of Secure Profile can be found here.

Determining the status of Secure Profile

Once you enable this option from the installer, there are multiple ways to determine the status of “Secure Profile”.

  1. In <ColdFusion-home>/lib/neo-security.xml, the value of the “secureprofile.enabled” flag indicates whether Secure Profile is enabled. Note: Changing the value of this flag after installation will not re-configure the other settings that Secure Profile affects.
  2. Alternatively, you can use the Admin Extension created by Raymond Camden. Details can be found here.
  3. You can also check the web.xml file under runtime/conf. There is a section (“<!--secure profile enable start”) that will be commented out if Secure Profile is not turned on.
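
The first check above can be scripted, for example when auditing several servers. The following is an added example, not Adobe's code or part of the original post. It assumes neo-security.xml is a WDDX packet with one `<var>` element per setting; the sample document and the second setting name in it are constructed.

```python
import sys
import xml.etree.ElementTree as ET

FLAG = "secureprofile.enabled"  # flag name given on this page

# Constructed sample. Assumption: neo-security.xml is a WDDX packet in which
# each setting is a <var name="..."> element holding one typed value element.
SAMPLE = """<wddxPacket version='1.0'><header/><data>
<struct type='coldfusion.server.ConfigMap'>
  <var name='example.other.setting'><string>constructed</string></var>
  <var name='secureprofile.enabled'><boolean value='true'/></var>
</struct></data></wddxPacket>"""


def secure_profile_flag(xml_data):
    """Return True or False for the flag, or None if absent or unreadable."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError:
        return None
    for var in root.iter("var"):
        if var.get("name") != FLAG:
            continue
        for value in var:
            # WDDX booleans keep the value in an attribute, strings in the text.
            raw = value.get("value") if value.tag == "boolean" else value.text
            raw = (raw or "").strip().lower()
            if raw == "true":
                return True
            if raw == "false":
                return False
        return None  # flag present, but its value was not recognised
    return None  # flag not present in the file


def describe(xml_data):
    """Map the flag state to a word suitable for an audit report."""
    return {True: "enabled", False: "disabled", None: "unknown"}[secure_profile_flag(xml_data)]


if __name__ == "__main__":
    # Usage: python check_secure_profile.py <ColdFusion-home>/lib/neo-security.xml
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(describe(fh.read()))
    else:
        print(describe(SAMPLE))
```

Because editing the flag after installation does not re-configure the other settings, treat the result as a record of the installer choice and confirm it with one of the other checks.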