Making ColdFusion Modules More Secure
While reading an article written by Matt Reider (Macromedia), I noticed the following tidbit that ensures that a CF module is not called directly via a URL.
<!--- security - this template must be called as a custom tag --->
<CFIF NOT isDefined("caller")>
<CFABORT>
<CFELSE>
<!---
make sure caller is a structure... otherwise
they could have passed it in the URL
--->
<CFIF NOT isStruct(caller)>
<CFABORT>
</CFIF>
</CFIF>