Re: Script Protect Question
> Script protect is blocking the form variables and I'm recording blanks for these transactions. I don't really want to turn off script protect globally, but I do want to shut off the forms protect on selected pages. How can I list the pages and/or form variables I want to allow as an exception?

You could probably do this by adding conditional logic in Application.cfc that turns the feature off for a specific list of pages. Otherwise, you could put the problematic pages in a separate directory and give them their own Application.cfc.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358625
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Script Protect Question
Do you know of any code samples for the first solution where you may be able to send a link? I read the documentation and agree this seems to be the way to do, but I'd sure like to see some sample code on that.

Thanks

Robert Harrison

-Original Message-
From: Dave Watts [mailto:dwa...@figleaf.com]
Sent: Tuesday, May 13, 2014 10:30 AM
To: cf-talk
Subject: Re: Script Protect Question

> Script protect is blocking the form variables and I'm recording blanks for these transactions. I don't really want to turn off script protect globally, but I do want to shut off the forms protect on selected pages. How can I list the pages and/or form variables I want to allow as an exception?

You could probably do this by adding conditional logic in Application.cfc that turns the feature off for a specific list of pages. Otherwise, you could put the problematic pages in a separate directory and give them their own Application.cfc.

Dave Watts, CTO, Fig Leaf Software

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358626

Re: Script Protect Question
Or you could consider taking a look at FuseGuard instead, which will give you far more granular control. There are also various web application firewall modules available for IIS and Apache which you could use for more generic security that is not CF specific.

On Tue, May 13, 2014 at 3:34 PM, Robert Harrison rob...@austin-williams.com wrote:

> Do you know of any code samples for the first solution where you may be able to send a link? I read the documentation and agree this seems to be the way to do, but I'd sure like to see some sample code on that.
>
> Thanks
>
> Robert Harrison
>
> -Original Message-
> From: Dave Watts [mailto:dwa...@figleaf.com]
> Sent: Tuesday, May 13, 2014 10:30 AM
> To: cf-talk
> Subject: Re: Script Protect Question
>
> > Script protect is blocking the form variables and I'm recording blanks for these transactions. I don't really want to turn off script protect globally, but I do want to shut off the forms protect on selected pages. How can I list the pages and/or form variables I want to allow as an exception?
>
> You could probably do this by adding conditional logic in Application.cfc that turns the feature off for a specific list of pages. Otherwise, you could put the problematic pages in a separate directory and give them their own Application.cfc.
>
> Dave Watts, CTO, Fig Leaf Software

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358628

Re: Script Protect Question
> Or you could consider taking a look at FuseGuard instead, which will give you far more granular control. There are also various web application firewall modules available for IIS and Apache which you could use for more generic security that is not CF specific.

Yeah, honestly, I'd also recommend any of these approaches over CF's script protect, which is very weak.

Dave Watts, CTO, Fig Leaf Software

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358630

RE: Script Protect Question
Understood, unfortunately I'm not in a position to revamp all the 21 sites we just moved right now and change the structure. I'm just looking for a fix to solve an issue on a few selected pages in this new environment.

Thanks

Robert Harrison
Director of Interactive Services
Austin Williams
Advertising | Branding | Digital | Direct
125 Kennedy Drive, Suite 100 | Hauppauge, NY 11788
T 631.231.6600 X 119
F 631.434.7022
http://www.austin-williams.com
Blog: http://www.austin-williams.com/blog
Twitter: http://www.twitter.com/austin_williams

-Original Message-
From: Dave Watts [mailto:dwa...@figleaf.com]
Sent: Tuesday, May 13, 2014 11:39 AM
To: cf-talk
Subject: Re: Script Protect Question

> Or you could consider taking a look at FuseGuard instead, which will give you far more granular control. There are also various web application firewall modules available for IIS and Apache which you could use for more generic security that is not CF specific.

Yeah, honestly, I'd also recommend any of these approaches over CF's script protect, which is very weak.

Dave Watts, CTO, Fig Leaf Software

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358631

Re: Script Protect Question
> Do you know of any code samples for the first solution where you may be able to send a link? I read the documentation and agree this seems to be the way to do, but I'd sure like to see some sample code on that.

I don't have one handy - I don't use it - but will try to put something together later today.

Dave Watts, CTO, Fig Leaf Software

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358635

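The conditional logic suggested earlier in the thread could look like the following. This is an added example, not code posted by anyone on the list; the application name, the page paths and the `request.formIsUnfiltered` flag are hypothetical, and it assumes ColdFusion re-reads `this.scriptProtect` on each request.

```cfml
// Application.cfc -- added example; application name and page paths are hypothetical.
component {

    this.name = "exampleSite"; // hypothetical application name

    // Pages whose form posts scriptProtect must leave untouched (hypothetical paths).
    // Exact paths only, so a similarly named template is not exempted by accident.
    variables.formExemptPages = "/checkout/process.cfm,/admin/saveContent.cfm";

    // Assumption: ColdFusion instantiates Application.cfc and reads the this-scope
    // settings on every request, so this branch is evaluated per request.
    if ( listFindNoCase( variables.formExemptPages, cgi.script_name ) ) {
        // Exempt only the form scope; url, cookie and cgi stay filtered.
        this.scriptProtect = "url,cookie,cgi";
    } else {
        this.scriptProtect = "all";
    }

    public boolean function onRequestStart( required string targetPage ) {
        // Flag the request so exempt templates know their form input is unfiltered
        // and must be encoded on output.
        request.formIsUnfiltered =
            ( listFindNoCase( variables.formExemptPages, arguments.targetPage ) > 0 );
        return true;
    }
}
```

On the exempt pages the form values arrive unmodified, so bind them with `cfqueryparam` when storing them and encode them (for example with `encodeForHTML()`) wherever they are displayed.
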
Re: Script Protect Question
If you were not using scriptProtect before anyway, is there a specific reason you want it now enabled? Relying on ScriptProtect is likely to just lull you into a false sense of security, although it is better than nothing.

FuseGuard is not a major revamping, it is actually quite easy to insert into your site. A Web Application Firewall requires no revamping of any sites at all, as you install it at the web server and can apply it to all sites in one swoop.

There is also this: http://portcullis.riaforge.org/

On Tue, May 13, 2014 at 4:43 PM, Robert Harrison rob...@austin-williams.com wrote:

> Understood, unfortunately I'm not in a position to revamp all the 21 sites we just moved right now and change the structure. I'm just looking for a fix to solve an issue on a few selected pages in this new environment.
>
> Thanks
>
> Robert Harrison
>
> -Original Message-
> From: Dave Watts [mailto:dwa...@figleaf.com]
> Sent: Tuesday, May 13, 2014 11:39 AM
> To: cf-talk
> Subject: Re: Script Protect Question
>
> > Or you could consider taking a look at FuseGuard instead, which will give you far more granular control. There are also various web application firewall modules available for IIS and Apache which you could use for more generic security that is not CF specific.
>
> Yeah, honestly, I'd also recommend any of these approaches over CF's script protect, which is very weak.
>
> Dave Watts, CTO, Fig Leaf Software

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358638