tracker issue : CF-3529334

select a category, or use search below
(searches all categories and all time range)
Title:

Secure Profile should be opt-out

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): David Epler / David Epler (David Epler)

Created: 03/25/2013

Components: Installation/Config

Versions: 10.0

Failure Type: Enhancement Request

Found In Build/Fixed In Build: Final / 288700,288699

Priority/Frequency: Trivial / Unknown

Locale/System: English / Platforms All

Vote Count: 1

Duplicate ID:	CF-3590046

The ColdFusion 10 installer set Secure Profile to be an opt-in with it being shown as "Enable Secure Profile". This should be changed to make it an opt-out with "Disable Secure Profile".

Too many admins just click through the installer. Changing it would result in deployment of more secure ColdFusion installs. While there might be an inconvenience to roll back some of the settings, the recent attacks show that Secure Profile should be the default and not an option.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3529334

External Customer Info:
External Company:  
External Customer Name: David Epler
External Customer Email:

Attachments:

Comments:

+1: this makes sense. -- Adam
Vote by External U.
15914 | April 26, 2013 01:41:55 AM GMT
This is duplicate bug.
Comment by Krishna R.
15911 | February 23, 2014 04:03:24 AM GMT
Krishna, While it is nice to find out that it is a "duplicate" of CF-3590046, I cannot seem to find that bug id on any of the bug trackers that I can access.
Comment by External U.
15912 | February 23, 2014 11:56:57 AM GMT
Modified the duplicate status. That is an internal bug so made that internal bug as duplicate of this.
Comment by Krishna R.
15913 | February 24, 2014 01:22:53 AM GMT