Sorry, not referrer, template. Thanks for the input guys. I do ensure that I have all the latest security measures in place and abide by all coding practices regarding security. I just didn't know how a hacker would get in and what he would exploit.
Anyway, I'm off to read these articles, keep up the good work

j

> http://www.cgisecurity.com/owasp/html/index.html is an excellent guide to
> building secure web apps which does go through some of the common
> vulnerabilities.
>
> There is also a list of common vulnerabilities in computer systems at
> http://www.cve.mitre.org/, though I'm not sure this is really what you want.
>
> As for books...
> "Hacking Web Applications Exposed" is pretty good and the "Web Security
> Pocket Reference" (from one of the authors of Hacking Web Apps Exposed)
> looks good too, though I haven't read it.
>
> None of the above are CF specific, but they will help you understand
> security issues affecting web applications and you should be able to then
> apply your new found wisdom to your CF development.
>
> More specific information about particular databases, web servers etc. can
> generally be found with a quick google.
>
> BTW, checking the referer will not prevent somebody from using a template
> from a remote machine if the referer you are checking for can be
> determined. The referer is a value sent by the client to the server. As the
> client does not have to be a web browser (CFHTTP is effectively a HTTP
> client) once the client knows what referer you are checking for, it can
> send that referer for future requests, circumventing your security procedure.
>
>
> Mark
>
>
> >Hello,
> >
> >I have been pondering over this for a while, and I can't seem to find any
> >answers to my questions.
> >
> >Website security. I see written everywhere, do this to increase security,
> >do that to increase security, but what I want to know is what a hacker can
> >do to a website. Like how can they retrieve dsn info, or access your db,
> >or download your cfcs, so I can be aware of exactly what they can do. I
> >cannot find anything detailing exactly what you are to prevent happening.
> >Do you follow?
> >
> >For example, a form which sends mail.
> >
> >For security: The receiving template would check that the referrer was
> >your form on your site and that the vars it can accept are form.field and
> >form.field2 etc.
> >
> >To prevent: This is to prevent somebody using the template from a remote
> >computer/site
> >
> >Like info which is stored in a db, is it really safe? I know there are
> >security things to put in place but what do they prevent,
> >
> >Hope I make sense.
> >
> >from a confused ajmie!
> >
> >---
> >You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
> >To unsubscribe send a blank email to [EMAIL PROTECTED]
> >
> >MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia
> >http://www.mxdu.com/ + 24-25 February, 2004
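
Mark's point about the referer, as an added example that is not part of the original thread or any poster's code: the referer comparison beside a server-issued, session-bound form token, run over two constructed requests. It is written in Python rather than CFML; the form URL, session ids, `token` field name and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed here)
EXPECTED_REFERER = "https://www.example.com/contact.cfm"  # hypothetical form URL
ALLOWED_FIELDS = {"field", "field2", "token"}  # field whitelist from the question
TOKEN_TTL = 900  # seconds a rendered form stays valid

def _mac(session_id, ts):
    msg = f"{session_id}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def referer_check(headers):
    """The check from the thread: compares a value the client chooses."""
    return headers.get("Referer") == EXPECTED_REFERER

def issue_form_token(session_id, now=None):
    """Server calls this when rendering the form; goes in a hidden field."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(session_id, ts)}"

def token_check(session_id, token, now=None):
    """True only for a fresh token this server issued to this session."""
    try:
        ts, mac = token.split(".", 1)
        issued = int(ts)
        good = hmac.compare_digest(mac.encode(), _mac(session_id, ts).encode())
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    current = time.time() if now is None else now
    return good and 0 <= current - issued <= TOKEN_TTL

def handle_post(session_id, headers, form, now=None):
    """Return (referer_verdict, token_verdict) for one request."""
    fields_ok = set(form) <= ALLOWED_FIELDS
    return (fields_ok and referer_check(headers),
            fields_ok and token_check(session_id, form.get("token"), now))

# Constructed requests: a browser post, and a non-browser client that copied the header.
tok = issue_form_token("sess-A", now=1000)
browser = handle_post("sess-A", {"Referer": EXPECTED_REFERER},
                      {"field": "hi", "token": tok}, now=1060)
scripted = handle_post("sess-B", {"Referer": EXPECTED_REFERER}, {"field": "hi"}, now=1060)
print("browser:", browser, "scripted:", scripted)
```

The token only proves the form was rendered for that session within the time window; a client that loads the form first still gets a valid token, so a mail form also needs rate limiting or authentication.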
