For some general ideas of things to watch out for: ColdFusion Developer's Journal, Sept. 2004, pg. 48-50, had a good article: Top 10 Web Security Tips.
Macromedia Developer Center has a helpful article: Ten tips for securing your ColdFusion application.
http://www.macromedia.com/devnet/security/articles/topten_tips.html

Plus: After you log a user out of a site, in the application.cfm file clear their CFID, CFTOKEN, JSESSIONID, and session, then do a cflocate to the index page of the site and that *should* prevent the back-button from letting anyone view secure pages (if you have everything else set up right).
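The logout steps described in the message above, sketched as an Application.cfm fragment. This is an added example, not code from the original post or from the articles it cites. The application name, the `logout` URL flag and `index.cfm` are hypothetical, the no-cache headers are an addition that keeps the browser from redisplaying a stored copy of a secure page, and it assumes an engine that still sends cookies set in the same request as a `cflocation` redirect.

```cfml
<!--- Application.cfm fragment (added example; names below are assumptions) --->
<cfapplication name="exampleApp" sessionmanagement="yes" setclientcookies="yes">

<!--- Ask browsers and proxies not to store pages, so Back has no cached copy to show --->
<cfheader name="Cache-Control" value="no-store, no-cache, must-revalidate">
<cfheader name="Pragma" value="no-cache">
<cfheader name="Expires" value="0">

<!--- "logout" is a hypothetical URL flag set by the site's logout link --->
<cfif structKeyExists(url, "logout")>

    <!--- Empty the server-side session under an exclusive lock --->
    <cflock scope="session" type="exclusive" timeout="10">
        <cfset structClear(session)>
    </cflock>

    <!--- Expire the session-identifying cookies in the browser --->
    <cfcookie name="CFID" value="" expires="now">
    <cfcookie name="CFTOKEN" value="" expires="now">
    <cfcookie name="JSESSIONID" value="" expires="now">

    <!--- Redirect to the public index page without appending CFID/CFTOKEN to the URL --->
    <cflocation url="index.cfm" addtoken="no">
</cfif>
```

Secure pages still need their own login check on every request; clearing the cookies only removes the identifiers the browser was holding.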

