What are the best practices for securing a ColdFusion webpage from malicious users? (including, but not limited to, SQL injection attacks)
Is cfqueryparam enough?
With thousands of programming languages, ColdFusion is still alive and thriving.
Core support for ColdFusion (2016 release) ended on Feb 16, 2021. There shall be no more updates or bug fixes to ColdFusion (2016 release). For more information and dates, see the EOL matrix for ColdFusion.
ColdFusion provides scalable, granular security for building and deploying your ColdFusion applications. ColdFusion provides the following types of security resources:

Development: ColdFusion Administrator is password-protected. Additionally, you can specify a password for access to data sources from Dreamweaver.
I use a modified Portcullis, and filter all incoming var scopes (URL, FORM, COOKIE) onRequestStart. http://portcullis.riaforge.org/
Pete Freitag has an awesome blog, especially this post on Hardening ColdFusion.
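
On the question of whether cfqueryparam is enough, the following added example (not code from any of the posts above) shows what it covers and two places where it does not help: SQL identifiers such as an ORDER BY column, and values written back into HTML. The datasource `appDSN`, the `users` table and its columns, and the URL parameters `id` and `sort` are assumptions made for illustration.

```cfml
<!--- Added example: datasource, table, columns and URL parameters are constructed. --->

<!--- Type-check request input up front; cfparam throws if url.id is not an integer. --->
<cfparam name="url.id" type="integer" default="0">
<cfparam name="url.sort" type="string" default="name">

<!--- cfqueryparam binds values only. It cannot bind identifiers (column names,
      ORDER BY), so map the requested sort key onto a fixed allowlist and never
      place the raw request value in the SQL text. --->
<cfset sortColumns = { "name" = "last_name", "joined" = "created_at" }>
<cfif structKeyExists(sortColumns, url.sort)>
    <cfset orderBy = sortColumns[url.sort]>
<cfelse>
    <cfset orderBy = "last_name">
</cfif>

<cfquery name="getUsers" datasource="appDSN">
    SELECT id, last_name, email
    FROM users
    WHERE id >= <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
    ORDER BY #orderBy#
</cfquery>

<!--- cfqueryparam does nothing for output. Encode stored values for the HTML
      context so markup saved in the database is rendered as text. --->
<cfoutput query="getUsers">
    <p>#encodeForHTML(getUsers.last_name)# (#encodeForHTML(getUsers.email)#)</p>
</cfoutput>
```

`encodeForHTML` requires ColdFusion 10 or later; the allowlist lookup keeps the only unbound part of the query limited to strings defined in the code.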