Hi I created a template that checks variables against threats and then use a collection="#form#" cfloop that tests all form variables including the hidden fields against the threats.
It solved that particular PCI security compliance check. rob On 4 Oct 2012 at 9:57, fun and learning wrote: > > Hi All, > I am using input hidden fields for some CGI variables. The security > scan has issued 'information leakage' threat. These variables are > defined in a file and the file is included in various places. What > is the best way to resolve this vulnerability? > Thanks > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352853 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
