Relying on "enable script protection" is like closing your front door and thinking you can't get burgled. It may stop the casual opportunist who sees your door open and decides to rob you, but a professional burglar won't walk in via the front door anyway, he will find another way in. In the same way global script protect only blocks the really basic most common attacks, it will do nothing for anything more sophisticated.

This is not a topic specific to ColdFusion, you need to research the topic in general, it applies to all platforms. You can find many CF specific articles on Google though.

https://www.google.co.uk/search?q=how+to+secure+your+coldfusion+application&oq=how+to+secure+your+coldfusion+application&aqs=chrome.0.57.7359&sugexp=chrome,mod=15&sourceid=chrome&ie=UTF-8

I would suggest taking a look here for any recorded meetups on the topic:
http://www.meetup.com/coldfusionmeetup/

The quick and simple solution would probably be to use Fuseguard.
http://foundeo.com/security/

On Thu, Nov 15, 2012 at 4:55 PM, Jamie Bowers <[email protected]> wrote:

> I haven't done Coldfusion since CF4, however recently have been tasked to
> look at a CF7MX application that has 3 security issues they are looking to
> fix.
>
> 1. Cross Site Scripting - I believe I have this one figured out using the
> Admin Panel's "Enable global script protection"
> 2. Format String Injection
> 3. Parameter Based Buffer Overflow
>
> I have been able to find generalized information on the other two issues,
> but nothing as it relates to CF itself. Will the "Enable global script
> protection" fix these other two as well or should I be looking elsewhere?
> Everything I am finding has to do with SQL injection and not Format String
> Injection, and I'm finding nothing on Parameter Based Buffer Overflow.
>
> Any help anyone could provide would be great.
>
> Thanks,
> Jamie

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353182

