I'm creating a Coldfusion website, and am going to need sercurity for it. I know people can add code to comments and change background colour etc. I need to have some code to stop this, along with other issues. I have only managed to find php code for any site sercurity codeing. It would really help me to have any coldfusion code for my pages, (for the application page would be even better) to help with sercurity. Or just any things I should cover when learning aabout sercurity, finding out about the code / background change was really helpful! Any help of code would be great! Thanks.
+3
A:
First, in ColdFusion Administrator, make sure "Enable Global Script Protection" is turned on. (It's under "Server Settings > Settings".)
Next, get and use the UDF FormStripHTML. This will allow you to easily "clean up" form submissions. (There is also RemoveHTML, StripHTML and SafeText.) If you need to allow HTML but want to convert it to the appropriate entities, use HTMLSafe. (You might also repurpose NaughtyFilter to replace strings you want to disallow. No reason it has to be profanity.) There are also a bunch of rather useful UDFs in the Security Library.
Al Everett
2010-01-04 14:15:59