displaying top 100 results
Tracker Issue Secure Profile should be opt-out
Tracker Comment Comment on Secure Profile should be opt-out by Krishna R.
[ANeff] Bug for: Secure Profile Settings Summaries are missing info
Tracker Issue [ANeff] Bug for: Secure Profile doesn't include default error template paths in "Snapshot when secure profile enabled"
Comment on [ANeff] Bug for: 30 issues with Secure Profile page by External U.
Tracker Comment Comment on Secure Profile should be opt-out by External U.
Tracker Comment Comment on [ANeff] Bug for: Secure Profile doesn't include default error template paths in "Snapshot when secure profile enabled" by S P.
Allowed file extensions for CFInclude tag should be in Secure Profile
Tracker Issue [ANeff] Bug for: [Regression] Enabling Secure Profile during install breaks Allowed SQL after Update 3
Tracker Comment Comment on Allowed file extensions for CFInclude tag should be in Secure Profile by Aaron N.
Tracker Issue [ANeff] Bug for: 30 issues with Secure Profile page
Tracker Comment Comment on Allowed file extensions for CFInclude tag should be in Secure Profile by External U.
Tracker Comment Comment on [ANeff] Bug for: secure_profile_error.cfm inconsistent handling of errors by S P.
Tracker Comment Comment on Secure Profile should be opt-out by Krishna R.
Tracker Issue Security Analyzer - addtoken and Secure Profile
Tracker Comment Comment on [ANeff] Bug for: Secure Profile doesn't include default error template paths in "Snapshot when secure profile enabled" by Aaron N.
Comment on Security Analyzer - addtoken and Secure Profile by External U.
Comment on [ANeff] Bug for: 30 issues with Secure Profile page by Adobe D.
Tracker Comment Comment on Page for selecting Dev/Prod/Secure profile should NOT remove IP option for Dev/Prod by Mukesh K.
Tracker Comment Comment on [ANeff] ER for: Secure Profile should enable CF's most secure session management option by Aaron N.
[ANeff] Bug for: installer has "cf11" in Secure Profile URL
Tracker Comment Comment on Secure Profile should be opt-out by External U.
Tracker Comment Comment on SecureProfile should not install Example Datasources, Gateways, or Solr Collections by External U.
Tracker Comment Comment on The "Secure Profile" error template does not hide debugging info. by Uday O.
Reference Bug#: 3332588, Currently we recommend 6 character password for non-secure profile and enforce a 6 character password for secure profile. This needs to be changed to 8 characters. This change needs to be made in installer.
Tracker Issue create, drop, alter, grant, revoke, stored procedures for DSNs should be enabled when we switch back from secure profile
[ANeff] Bug for: Secure Profile page misleading label for allowed SQL setting
Tracker Comment Comment on Allowed file extensions for CFInclude tag should be in Secure Profile by CFwatson U.
Tracker Comment Comment on [ANeff] Bug for: installer has "cf11" in Secure Profile URL by CFwatson U.
Comment on [ANeff] Bug for: 30 issues with Secure Profile page by External U.
Comment on [ANeff] Bug for: 30 issues with Secure Profile page by External U.
Tracker Comment Comment on Page for selecting Dev/Prod/Secure profile should NOT remove IP option for Dev/Prod by External U.
Tracker Comment Comment on Page for selecting Dev/Prod/Secure profile should NOT remove IP option for Dev/Prod by External U.
Tracker Comment Comment on [ANeff] Bug for: secure_profile_error.cfm inconsistent handling of errors by External U.
Tracker Comment Comment on [ANeff] Bug for: Secure Profile page misleading label for allowed SQL setting by Nimit S.
Tracker Comment Comment on [ANeff] Bug for: [Regression] Enabling Secure Profile during install breaks Allowed SQL after Update 3 by S P.
CFSecurityAnalyzerServlet is loaded in web.xml when SecureProfile is enabled
The "Secure Profile" error template does not hide debugging info.
[ANeff] Bug for: secure_profile_error.cfm inconsistent handling of errors
Tracker Comment Comment on [ANeff] Bug for: secure_profile_error.cfm inconsistent handling of errors by External U.
Tracker Comment Comment on [ANeff] Bug for: secure_profile_error.cfm inconsistent handling of errors by S P.
Tracker Comment Comment on SecureProfile should not install Example Datasources, Gateways, or Solr Collections by External U.
Tracker Comment Comment on SecureProfile should not install Example Datasources, Gateways, or Solr Collections by External U.
Tracker Comment Comment on SecureProfile should not install Example Datasources, Gateways, or Solr Collections by External U.
Tracker Comment Comment on Either remove allowedextforinclude functionality entirely, or at least implement it so it can be disabled by External U.
2610330 CF-3710326 External U. POSSIBLY only switch it on if the server is installed with the "secure profile"?
--
Adam
Tracker Comment Comment on Cannot access CF Admin after install by Adobe D.
2613376 CF-3328113 Adobe D. Did you install CF with secure profile turned on
(Comment added from ex-user id:vnigam)
Tracker Comment Comment on The "Secure Profile" error template does not hide debugging info. by Uday O.
Page for selecting Dev/Prod/Secure profile should NOT remove IP option for Dev/Prod
Tracker Comment Comment on Page for selecting Dev/Prod/Secure profile should NOT remove IP option for Dev/Prod by External U.
Comment on Security Analyzer - addtoken and Secure Profile by CFwatson U.
Tracker Comment Comment on Official Adobe ColdFusion Docker Images by Doug C.
2608228 CF-4160098 Doug C. You should be able to use configuration files outside of the container (mapped volume) to be able to set if it is development or secure profile in my opinion. Default to secure profile would probably be best so it's secure by default
SecureProfile should not install Example Datasources, Gateways, or Solr Collections
Tracker Comment Comment on [ANeff] Bug for: [Regression] Enabling Secure Profile during install breaks Allowed SQL after Update 3 by External U.
Comment on [ANeff] Bug for: 30 issues with Secure Profile page by External U.
Tracker Comment Comment on SecureProfile should not install Example Datasources, Gateways, or Solr Collections by Piyush K.
Tracker Comment Comment on Inconsistent Enable and Disable flags for turning features on under the Administrator Settings by External U.
2673094 CF-4151397 External U. Hi Adobe,
The inconsistency also exists on the Secure Profile page (as noted in CF-3737748, which needs re-opened):
Good (consistent):
----------------------
Admin Authentication Enabled
RDS Authentication Enabled
Bad (inconsistent):
----------------------
Admin
Tracker Issue Error thrown by site-wide exception handler
6721595 CF-4206918 Security : Secure profile Error thrown by site-wide exception handler Problem Description:
Every now and then the error is cropping up and halting the server. We need to restart the service/server to make it functional.
Steps to Reproduce:
It is popping up randomly
Tracker Comment Comment on Security Analyzer Fails Silently when not using builtin server by CFwatson U.
2682291 CFB-4130071 CFwatson U. Added By:prk Note Added: Getting proper error message, when profile is pointed to production, secure and development. Fix will be available from next major release.
Thanks,
Priyatharsini Date Added :2016-01-25 07:17:09.0
Added By: PreRelease User User Name
Tracker Comment Comment on CFSecurityAnalyzerServlet is loaded in web.xml when SecureProfile is enabled by CFwatson U.
2609138 CF-3923565 External U. Hi CFJSGeek,
I've noticed at least 1 case (and I think 2, but I forget what the 2nd was) where CF behaves differently if secure profile was enabled during install vs enabling it post-install. Have you also determined if this same issue exists if secure profile isn
Tracker Comment Comment on [ANeff] Bug for: secure_profile_error.cfm inconsistent handling of errors by S P.
Tracker Comment Comment on The "Secure Profile" error template does not hide debugging info. by Adobe D.
Tracker Comment Comment on Automatically disable RDS when a serial # is added to a CF server by Rupesh K.
2612003 CF-3566375 Rupesh K. It does not make sense. In ColdFusion 11, we have added the concept of installation profiles - dev, production & secure production profile.
Tracker Issue [ANeff] ER for: Secure Profile should enable CF's most secure session management option
Tracker Comment Comment on CAR migration : List the settings that are not considered while CAR creation and CAR deploy by Nitin K.
Src Directory
RDS - Enable RDS Service
Sandbox Security - Enable ColdFusion Sandbox Security
Secure Profile - Enable Secure Profile, All Secure Default Values
Corba Connectors - Registered CORBA Connectors
Font Management - User Defined Fonts
Default Datasources
Debug Output Settings
Tracker Issue Security Analyzer - Secure with Credentials
incorrectly where the security analyzer could be exposed to an attacker to run and profile the code making it easier to attack.
The security analyzer should be secured with either admin or rds username and passwords.
----------------------------- Additional Watson Details
2673525 CF-4126449 Installation/Config Shigeyoshi Muraoka Wrong Server Profile applied in the installation wizard (Japanese Ver.) Problem Description:
When "Production Profile" is selected in the "Select Server Profile" page of the Japanese installation wizard, "Production Profile + Secure Profile
Tracker Issue [ANeff] ER for: CF Admin password strength meter
user knows if password also meets Production/Secure Profile's complexity requirements.
Tracker Comment Comment on Page for selecting Dev/Prod/Secure profile should NOT remove IP option for Dev/Prod by CFwatson U.
Tracker Comment Comment on Weird behaviour in ehcache by Aaron N.
.cfc shares same cache regions across its dynamic THIS.names.
This should be a CF Admin setting like "[ ] Allow global cache regions". Checked by default, unless Secure Profile is enabled (Secure Profile would uncheck it).
Thoughts?
Thanks!,
-Aaron
P.S. I do appreciate the security focus for shared
Tracker Comment Comment on [ANeff] Bug for: secure_profile_error.cfm inconsistent handling of errors by External U.
Tracker Comment Comment on Coldfusion 11 Update 2 impossible due to error in Coldfusion Administrator by External U.
2609506 CF-3840648 External U. Is your CF installed with the secure profile?
No.
Have you applied any steps to lock down your CF installation?
No.
Which web server are you using, if any?
ColdFusion's built-in web server.
Are you using the default CF JRE?
Yes.
Do you have any sandbox
Tracker Comment Comment on [ANeff] Bug for: ColdFusion Archives not migrating many settings by External U.
2608339 CF-4118887 External U. Hi Nitin and Saurav,
Awesome, thanks very much!
I still don't understand why the security settings (RDS/Sandbox/Secure Profile) won't be migrated. Would someone please be able to explain the reason a little more?
Thanks!,
-Aaron
Tracker Comment Comment on Allowed file extensions for CFInclude tag should be in Secure Profile by CFwatson U.
Portal Comment Comment on Docker images for ColdFusion by Doug Cain
, DSN, secure profiles, specific CF settings etc. etc.
Tracker Issue Error thrown by site-wide exception handler:
6619880 CF-4206472 Administrator Error thrown by site-wide exception handler: "Error","ajp-nio-8018-exec-59","01/03/20","19:30:15","","'' The specific sequence of files included or processed is: C:\ColdFusion2018\cfusion\wwwroot\CFIDE\administrator\templates\secure_profile_error.cfm'' "
on Production Secure profile.
Thanks!
2608228 CF-4160098 Immanuel N. We are in the process of building a Docker image for ColdFusion and would like to understand the biggest use-cases for a Docker image. Development or Production. Defaulting the image to developer / secure profile is a call we need to take.
Any other inputs would also
Tracker Comment Comment on [ANeff] Bug for: secure_profile_error.cfm inconsistent handling of errors by S P.
Tracker Comment Comment on [ANeff] Bug for: secure_profile_error.cfm inconsistent handling of errors by External U.
Tracker Comment Comment on [ANeff] Bug for: secure_profile_error.cfm inconsistent handling of errors by Aaron N.
Tracker Comment Comment on [ANeff] Bug for: ColdFusion Archives not migrating many settings by Aaron N.
2608339 CF-4118887 Aaron N. *bump* - I received notification that this ticket was updated, yet my questions above remain unanswered.
Steps:
1) On Server 1, enable Sandbox Security & Secure Profile
2) On Server 1, create .car of all settings
3) On Server 2, deploy .car created in Step 2
Expected
Tracker Issue CAR migration : List the settings that are not considered while CAR creation and CAR deploy
that these cannot be migrated.
Server Settings > Settings
- Default ScriptSrc Directory
Security > RDS
- Enable RDS Service
Security > Sandbox Security
- Enable ColdFusion Sandbox Security
Security > Secure Profile
- Enable Secure Profile -> Expected Behavior. Should not be migrated
Tracker Comment Comment on Page for selecting Dev/Prod/Secure profile should NOT remove IP option for Dev/Prod by CFwatson U.
Tracker Comment Comment on [ANeff] Bug for: ColdFusion Archives not migrating many settings by Nitin K.
. Should not be migrated.
Security > Secure Profile
- Enable Secure Profile -> Expected Behavior. Should not be migrated. Reason: As it adds a lot of restriction in server functionality.
--------------------------------------------------
Note:
Corba settings should not be migrated.
For User
Tracker Issue Installation server config wizard login gives incorrect errors without javascript enabled
Javascript enabled and try to log in you will receive an error stating your password is incorrect when in fact it may not be, it's just that JS is required for the login to work.
Steps to Reproduce:
Disable javascript or attempt to install on a windows server without disabling IE secure profile (which
Comment on Security Analyzer - addtoken and Secure Profile by CFwatson U.
Security > RDS
- Enable RDS Service
Security > Sandbox Security
- Enable ColdFusion Sandbox Security
Security > Secure Profile
- Enable Secure Profile
Steps to reproduce:
1) Install CF2016 (tested as standalone w/ Developer profile)
2) Change all of the above settings from their defaults
3) Create a
2682291 CFB-4130071 Security Code Analyzer Peter Freitag Security Analyzer Fails Silently when not using builtin server Problem Description:
When you have a server setup with secure profile and try to use the security analyzer with it, the security analyzer fails silently. The request to the CF
Service
Security > Sandbox Security
- Enable ColdFusion Sandbox Security
Security > Secure Profile
- Enable Secure Profile
Steps to reproduce:
1) Install CF2016 (tested as standalone w/ Developer profile)
2) In CF11, change all of the above settings so that they differ from CF2016's default settings
3
Tracker Comment Comment on [ANeff] Bug for: installer has "cf11" in Secure Profile URL by CFwatson U.
to the cf admin. (It was in cf10 that that was prevented.)
FWIW, the "secure profile" feature in the cf admin also allows control of that feature.
Finally, can I make a plea for folks to not call the cf admin "the cfide"? :) I realize it's IN a folder of that name, but that's merely because
Tracker Issue [ANeff] Bug for: Code Analyzer doesn't notify about cflocation's addtoken default value change
to Analyze" as the file's parent directory
3) Ensure "CFM" is one of the file types selected in "Analyze file types"
4) Click "Run Analyzer"
5) See no notification about Secure Profile changes addtoken's default value
Verified in CF11 Update 7 (build 11
Tracker Issue Install summary doesn't list all options
2609883 CF-3752318 Installation/Config Adam Cameron Install summary doesn't list all options See http://cfmlblog.adamcameron.me/2014/04/coldfusion-11-select-coldfusion-server.html
It doesn't look like the summary screen (before install actually kicks off) has been updated to include the new secure
Tracker Comment Comment on [ANeff] Bug for: secure_profile_error.cfm inconsistent handling of errors by External U.
Tracker Comment Comment on Exceptions in REST Services doesn't trigger Application.cfc's onError or Site-wide Error Handler by External U.
2612467 CF-3506757 External U. Hi Paul,
Regarding: "Site wide error handler works with REST services."
I see the site wide error handler is not invoked for REST errors. Repro:
1) In CF Admin, set "Site-wide Error Handler" to /CFIDE/administrator/templates/secure_profile_error.cfm
2) Run repro
Tracker Comment Comment on Bug 72751:Support for NTLM (Microsoft) and Digest Authentication on all CF HTTP operations by External U.
2603208 CF-3035879 External U. Extremely disturbing that this has been advertised and then released as what amounts to a useless implementation. ...there are no words to describe the frustration. This failure when combined with ColdFusion not supporting WS-Security Username Token Profile
Tracker Issue Linux Installer points to cf11 lockdown guide
in the ColdFusion Lockdown Guide (http://www.adobe.com/go/cf11-lockdown-guide).
"
Which points to the CF11 lockdown guide, should be updated to http://www.adobe.com/go/cf2016-lockdown-guide and then when the guide is published make sure that the link works.
It also has a link to CF11 secure profile info
Tracker Comment Comment on CFFTP secure requests just keep spinning without giving an error when connection fails by External U.
(Production+Secure profile) on Another Windows Server 2012 R2 with default settings (changed username and password for root user in ColdFusion 11 setup). As soon as I start running ColdFusion 11 as domain users instead of Local System, CFFTP is having the same issue. At first I thought it might have been
Tracker Comment Comment on Coldfusion 11 Update 2 impossible due to error in Coldfusion Administrator by Adobe D.
but the udpates element in the session struct is somehow not defined, but it does not provide any clues on the events that lead to that state. But the steps you've mentioned in the bug report are pretty straight forward, unless we are missing something there.
Is your CF installed with the secure profile? Have