Daryl Fullerton wrote:
> Hi all,
>
> Anyone got general advice on how to prevent hackers from getting access to
> CF sites via back doors and tampering with data?
Non-scoped variables are my favourites if I have to prove somebody's
security is bad ;)
> We don't want the hackers to be able to change data via URL strings.
Use cfqueryparam for every variable in queries.
> e.g. encrypting URL variables etc.
If it needs encrypting you shouldn't pass it through a URL anyway.
> Any good articles out there?
Did you read http://www.allaire.com/security/ ?
Jochem
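
Added example, not part of the original message: the two points in the reply above (non-scoped variables and cfqueryparam) shown as a query before and after the fix. The datasource, table and column names are hypothetical.

```cfml
<!--- Added example; "shopDSN", "orders", "order_id" and "status" are
      hypothetical names, not taken from the thread. --->

<!--- Before: unscoped variable interpolated straight into the SQL.
      "id" is resolved by scope search, so it can be supplied through the
      URL, a form post or a cookie, and its text becomes part of the
      statement itself. --->
<cfquery name="getOrder" datasource="shopDSN">
    SELECT order_id, status
    FROM orders
    WHERE order_id = #id#
</cfquery>

<!--- After: the scope is named explicitly, the value is checked before
      use, and it reaches the database as a typed bind parameter rather
      than as SQL text. --->
<cfif NOT StructKeyExists(url, "id") OR NOT IsNumeric(url.id)>
    <!--- Missing or non-numeric input: stop processing the request. --->
    <cfabort>
</cfif>

<cfquery name="getOrder" datasource="shopDSN">
    SELECT order_id, status
    FROM orders
    WHERE order_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
```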