what information is passed around in the hidden fields, is it anything that could be used to hijack sessions, get into users accounts or personal details etc ?
On Thu, Oct 4, 2012 at 3:11 PM, Rob Voyle <[email protected]> wrote: > > Hi > > I created a template that checks variables against threats and then use a > collection="#form#" cfloop that tests all form variables including the > hidden > fields against the threats. > > It solved that particular PCI security compliance check. > > rob > > > > On 4 Oct 2012 at 9:57, fun and learning wrote: > > > > > Hi All, > > I am using input hidden fields for some CGI variables. The security > > scan has issued 'information leakage' threat. These variables are > > defined in a file and the file is included in various places. What > > is the best way to resolve this vulnerability? > > Thanks > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352854 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
