> Perhaps we can get a thread going about FuseBox security, URL
> params and other security concerns so the rest of us don't get
> hit by those Klingon disruptors!
OK. Here's one. If you use your FB apps as <cfmodule> and want to set
header/footer values when calling with <cfmodule>, then you can disable
hacks where a hacker modifies URLs to include the wrong files with this code in
app_globals.cfm/app_locals.cfm:
<!--- Header & footer files --->
<cfif IsDefined("ThisTag") AND IsStruct(ThisTag)>
    <!--- Default values, if app is used as <cfmodule> --->
    <cfparam name="attributes.headerfile" default="blocks/dsp_header.cfm">
    <cfparam name="attributes.footerfile" default="blocks/dsp_footer.cfm">
<cfelse>
    <!--- Set explicitly if app is not used as <cfmodule> (disables URL hacks) --->
    <cfset attributes.headerfile = "blocks/dsp_header.cfm">
    <cfset attributes.footerfile = "blocks/dsp_footer.cfm">
</cfif>
Erki
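
An allowlist variant of the check in the post above, as an added example that is not part of Erki's message: in the <cfmodule> branch, whatever value arrived in the attributes scope is accepted only if it names a known layout file. The *_print.cfm file names, the allowedLayout and defaultLayout variables and the layout_include log name are assumptions for illustration.

```coldfusion
<!--- Added example, not from the original post. --->
<!--- Files this app may include as header/footer. The *_print.cfm names are
      hypothetical; list the layout files your app really ships. --->
<cfset allowedLayout = StructNew()>
<cfset allowedLayout.headerfile = "blocks/dsp_header.cfm,blocks/dsp_header_print.cfm">
<cfset allowedLayout.footerfile = "blocks/dsp_footer.cfm,blocks/dsp_footer_print.cfm">

<!--- Values used when nothing valid was supplied --->
<cfset defaultLayout = StructNew()>
<cfset defaultLayout.headerfile = "blocks/dsp_header.cfm">
<cfset defaultLayout.footerfile = "blocks/dsp_footer.cfm">

<cfif IsDefined("ThisTag") AND IsStruct(ThisTag)>
    <!--- Used as <cfmodule>: keep a supplied value only if it is on the list --->
    <cfloop list="headerfile,footerfile" index="key">
        <cfparam name="attributes.#key#" default="#defaultLayout[key]#">
        <cfif NOT IsSimpleValue(attributes[key])
              OR NOT ListFindNoCase(allowedLayout[key], attributes[key])>
            <!--- Record the rejection without echoing the supplied value --->
            <cflog file="layout_include" type="warning"
                   text="Rejected #key# value; using default">
            <cfset attributes[key] = defaultLayout[key]>
        </cfif>
    </cfloop>
<cfelse>
    <!--- Called directly: never take these values from the request --->
    <cfset attributes.headerfile = defaultLayout.headerfile>
    <cfset attributes.footerfile = defaultLayout.footerfile>
</cfif>
```

Because the comparison is an exact match against a fixed list, path traversal sequences and absolute paths fail the check without any separate filtering.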