About Secure Profile

In ColdFusion 10, the “Secure Profile” feature was added. It can be enabled at the time of installation and helps configure some of the important settings for securing server. It is highly recommended to choose this option for production servers. Complete details of Secure Profile can be found here.

Determining the status of Secure Profile

Once you enable this option from Installer, there are multiple ways to determine the status of “Secure Profile”.

  1.  In <ColdFusion-home>/lib/neo-security.xml, “secureprofile.enabled” flag value indicates if secure profile is enabled or not. Note: Changing value of this flag post installation will not re-configure other secure profile affected settings.
  2. Alternatively you can use Admin Extension created by Raymond Camden. Details can be found here.
  3. You can also check in web.xml file under runtime/conf. There is a section (“<!—secure profile enable start” ) that will be commented out if it is not turned on.

References:

http://blogs.coldfusion.com/post.cfm/secure-profile-with-coldfusion-10

http://help.adobe.com/en_US/ColdFusion/10.0/Admin/WSf23b27ebc7b554b629cab0421369741d5a7-7fff.html

http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf

http://www.shilpikhariwal.com/2012/04/coldfusion-10-presents-secure-profile.html

http://www.raymondcamden.com/index.cfm/2012/4/11/Security-Profile-Admin-Extension-for-ColdFusion-10

0 Comments to “ColdFusion 10: Detecting Secure Profile status”

Leave a Comment

Leave this field empty: