Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

ColdFusion Security [closed]

Tags:

security

coldfusion

sql-injection

cfml

railo

What are the best practices for securing a coldfusion webpage from malicious users? (including, but not limited to, sql injection attacks)

Is cfqueryparam enough?

like image 306
Andrew Avatar asked Mar 18 '10 17:03

Andrew

People also ask

Is ColdFusion still a thing?

With thousands of programming languages, ColdFusion is still alive and thriving.

Is ColdFusion 2016 still supported?

Core support for ColdFusion (2016 release) ended on Feb 16, 2021. There shall be no more updates or bug fixes to ColdFusion (2016 release). For more information and dates, see the EOL matrix for ColdFusion.

Is ColdFusion secure?

ColdFusion provides scalable, granular security for building and deploying your ColdFusion applications. ColdFusion provides the following types of security resources: Development ColdFusion Administrator is password-protected. Additionally, you can specify a password for access to data sources from Dreamweaver.

2 Answers

I use a modified portcullis, and filter all incoming var scopes (URL,FORM,COOKIE) onRequestStart. http://portcullis.riaforge.org/

like image 181
yeffach nollid Avatar answered Sep 19 '22 17:09

yeffach nollid

Pete Freitag has an awesome blog, especially this post on Hardening ColdFusion

like image 22
Antony Avatar answered Sep 17 '22 17:09

Antony
Sign in to Comment

Related questions

What security measures should be taken when creating "change your password" functionality?
Saml Authentication Request Protocol Id
Securing and/or encrypting (hiding) POST variables in a jQuery ajax request
Spring Security OAuth 2.0 - client secret always required for authorization code grant
Is it safe to store a sensitive data in Local Stoarge or session storage? Localstorage allows to any attacks for sensitive data
Can cookies be copied between machines to impersonate a user?
Challenge: maximize cost of obfuscation's reverse engineering
Security considerations when creating a mobile app using PhoneGap
How to crash the .NET common language runtime (CLR) in pure .net
Is it possible to "sandbox" arbitrary JavaScript to only operate on one <div> and not the whole document?
C++/OpenSSL: Use root CA from buffer rather than file (SSL_CTX_load_verify_locations)
AES256 CBC + HMAC SHA256 ensuring confidentiality *and* authentication?
Do canaries prevent return-into-libc and return-oriented programming attacks?
Android System App 101
Is using a for-loop on submitted POST data in PHP safe?
Are uninitialized values ever a security risk?
Python: can I safely unpickle untrusted data?
Rails - Separate Database per Subdomain
Difference between processes running in kernel mode and running as root?
How to encrypt data in javascript and decrypt in php?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!