
ColdFusion Security [closed]

What are the best practices for securing a ColdFusion webpage from malicious users? (including, but not limited to, SQL injection attacks)

Is cfqueryparam enough?

Andrew asked Mar 18 '10 17:03


2 Answers

I use a modified Portcullis and filter all incoming var scopes (URL, FORM, COOKIE) onRequestStart. http://portcullis.riaforge.org/

yeffach nollid answered Sep 19 '22 17:09
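
The request-wide filtering described in this answer, next to the `cfqueryparam` binding the question asks about, as an added example that is neither Portcullis code nor the poster's own. The application name, datasource, table, log file name and the rejection policy (non-simple values, values over 4000 characters, null bytes) are assumptions.

```cfml
<!--- Application.cfc (added example; every name marked "hypothetical" is an assumption) --->
<cfcomponent output="false">
    <cfset this.name = "exampleApp"><!--- hypothetical application name --->

    <!--- Runs before every request: check each client-supplied scope in one place. --->
    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var scopes = { url = url, form = form, cookie = cookie }>
        <cfset var scopeName = "">
        <cfset var key = "">
        <cfloop collection="#scopes#" item="scopeName">
            <cfloop collection="#scopes[scopeName]#" item="key">
                <cfset checkValue(scopeName, scopes[scopeName][key])>
            </cfloop>
        </cfloop>
        <cfreturn true>
    </cffunction>

    <!--- Hypothetical policy: reject non-simple values, oversized values and null bytes. --->
    <cffunction name="checkValue" access="private" returntype="void" output="false">
        <cfargument name="scopeName" type="string" required="true">
        <cfargument name="value" type="any" required="true">
        <cfif NOT isSimpleValue(arguments.value)
              OR len(arguments.value) GT 4000
              OR find(chr(0), arguments.value)>
            <!--- Log only server-derived data so the log line cannot be forged by the client. --->
            <cflog file="inputFilter" type="warning"
                   text="Rejected a #arguments.scopeName# value from #cgi.remote_addr#">
            <cfthrow type="InputFilter.Rejected" message="Invalid request parameter.">
        </cfif>
    </cffunction>
</cfcomponent>

<!--- product.cfm (hypothetical page): the filter above does not replace binding. --->
<!--- cfparam rejects a missing or non-integer id before the query runs. --->
<cfparam name="url.id" type="integer">
<cfquery name="getProduct" datasource="exampleDsn"><!--- hypothetical datasource and table --->
    SELECT name, price
    FROM products
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
```

The scope filter is a coarse, central check; the typed `cfqueryparam` binding is what keeps the value out of the SQL text, so every query still needs it.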


Pete Freitag has an awesome blog, especially this post on Hardening ColdFusion

Antony answered Sep 17 '22 17:09