Well, there are entire books dedicated to web security; a few things Paul didn't mention:

1) verify data type - if users are entering any freetext, make sure it's valid (i.e., isNumeric, is gt 0, etc.)

2) client assumptions - make sure you aren't assuming things like JS or Cookies, or if so, make sure you have the logic (programmatic or business) to handle this - the main area I see this is not doing server-side validation because it is assumed the client-side (JS) validation will catch invalid entries

3) third-party integration - mainly in connecting to someone else over the Internet (cf_ups, credit card processing) - how will your application behave if someone else is down, etc.?

----- Original Message -----
From: "Michael Ross" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Tuesday, January 29, 2002 4:21 PM
Subject: Final Check through

> I know this may not be very good, but I want to make sure I do this right. I am just about to go live with a site with the whole shopping cart thing. It's all ready, but it being my first cart I was wondering if anyone had any final checks just to make sure...like security and dumb users. I am pretty sure I have gone over everything and had many people test it. It would just be nice to lean on everyone and all your experience.
>
> thanks
> mike
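
The three checks listed in the reply, as an added example that is not part of the original thread: a server-side quantity check that runs regardless of any JavaScript validation, and a shipping quote that degrades when the third party is unreachable. The function names, the 1 to 99 limit, the flat rate and the sample inputs are all assumptions made for illustration.

```cfml
<cfscript>
// Added example; function names, limits and the flat rate are assumptions.

// Points 1 and 2: re-check the posted quantity on the server, whether or
// not the browser ran any JavaScript validation first.
function checkQuantity(raw) {
    var text = trim(raw);
    // Digits only. isNumeric() alone would also accept "-1" and "1.5".
    if (!reFind("^[0-9]{1,4}$", text)) {
        return {ok: false, reason: "Quantity must be a whole number."};
    }
    var qty = int(val(text));
    if (qty lt 1 or qty gt 99) {
        return {ok: false, reason: "Quantity must be between 1 and 99."};
    }
    return {ok: true, value: qty};
}

// Point 3: rateLookup stands in for the call to the carrier's service and
// is expected to throw when that service is down or times out.
function shippingQuote(zip, rateLookup) {
    try {
        return {rate: rateLookup(zip), estimated: false};
    } catch (any e) {
        // Keep checkout working: charge a flat rate and flag the order
        // so the real cost can be reconciled later.
        return {rate: 9.95, estimated: true};
    }
}

// Constructed stand-ins for a healthy and an unreachable carrier.
function carrierUp(zip) { return 6.50; }
function carrierDown(zip) { throw(message="connection timed out"); }

// Constructed form values, as if client-side checks had been skipped.
samples = ["3", " 12 ", "0", "-1", "1.5", "abc", ""];
for (s in samples) {
    r = checkQuantity(s);
    msg = r.ok ? "accepted as " & r.value : r.reason;
    writeOutput(encodeForHTML("[" & s & "] " & msg) & "<br>");
}

quoteUp = shippingQuote("30301", carrierUp);
quoteDown = shippingQuote("30301", carrierDown);
writeOutput("carrier up: " & quoteUp.rate & ", estimated=" & quoteUp.estimated & "<br>");
writeOutput("carrier down: " & quoteDown.rate & ", estimated=" & quoteDown.estimated & "<br>");
</cfscript>
```

Only "3" and " 12 " pass the quantity check; the carrier-down case returns the flat rate with `estimated` set so the order can be reviewed.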

