What are the best practices for securing a ColdFusion webpage from malicious users? (including, but not limited to, SQL injection attacks)

Is cfqueryparam enough?

+7  A: 

I use a modified Portcullis, and filter all incoming var scopes (URL, FORM, COOKIE) onRequestStart. http://portcullis.riaforge.org/

yeffach nollid
+5  A: 

Pete Freitag has an awesome blog, especially this post on Hardening ColdFusion

Antony
+1  A: 

I would say best practices for ColdFusion are similar to those for programming web applications in any language.

I recently read Essential PHP Security by Chris Shiflett, and the majority of issues discussed affect ColdFusion as well, though the syntax for dealing with them may be slightly different. I expect there are other (possibly better) language-agnostic books which contain principles which can easily be altered for use in ColdFusion.

Loftx