Entries Tagged as “ColdFusion Secure Profile”

ColdFusion 10: Detecting Secure Profile status

January 24, 2013 / Shilpi Khariwal

  Security | Adobe ColdFusion 10 | Application Server | ColdFusion Secure Profile | web application security

About Secure Profile

In ColdFusion 10, the “Secure Profile” feature was added. It can be enabled at the time of installation and helps configure some of the important settings for securing server. It is highly recommended to choose this option for production servers. Complete details of Secure Profile can be found here.

Determining the status of Secure Profile

Once you enable this option from Installer, there are multiple ways to determine the status of “Secure Profile”.

  1.  In <ColdFusion-home>/lib/neo-security.xml, “secureprofile.enabled” flag value indicates if secure profile is enabled or not. Note: Changing value of this flag post installation will not re-configure other secure profile affected settings.
  2. Alternatively you can use Admin Extension created by Raymond Camden. Details can be found here.
  3. You can also check in web.xml file under runtime/conf. There is a section (“<!—secure profile enable start” ) that will be commented out if it is not turned on.

References:

http://blogs.coldfusion.com/post.cfm/secure-profile-with-coldfusion-10

http://help.adobe.com/en_US/ColdFusion/10.0/Admin/WSf23b27ebc7b554b629cab0421369741d5a7-7fff.html

http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf

http://www.shilpikhariwal.com/2012/04/coldfusion-10-presents-secure-profile.html

http://www.raymondcamden.com/index.cfm/2012/4/11/Security-Profile-Admin-Extension-for-ColdFusion-10


Blue Mango Theme Design By Mark Aplet

Super Powered by Mango Blog