03/01/2003: Making ColdFusion Modules More Secure
Making ColdFusion Modules More Secure
While reading an article written by Matt Reider (Macromedia), I noticed the following tidbit that ensures that a CF module is not called directly via a URL.
<!--- security - this template must be called as a custom tag ---> <CFIF NOT isDefined("caller")> <CFABORT> <CFELSE> <!--- make sure caller is a structure� otherwise they could have passed it in the URL ---> <CFIF NOT isStruct(caller)> <CFABORT> </CFIF> </CFIF>
03/01/2003: How Do I Prevent a Page From Caching in the Browser Using ColdFusion?
How Do I Prevent a Page From Caching in the Browser Using ColdFusion?
The following code should work in most situations. This code is courtesy of Cameron Childress).
<!--- Anti-cache ---> <CFSET gmts = gettimezoneinfo()> <CFSET gmt = gmts.utcHourOffset> <CFIF gmt EQ 0> <CFSET gmt = ""> <CFELSEIF gmt GT 0> <CFSET gmt = "+" & gmt > </CFIF> <CFHEADER NAME="Expires" VALUE="Mon, 06 Jan 1990 00:00:01 GMT"> <CFHEADER NAME="Pragma" VALUE="no-cache"> <CFHEADER NAME="cache-control" VALUE="no-cache, must-revalidate"> <CFHEADER NAME="Last-Modified" VALUE="#dateformat(now(), 'ddd, dd mmm yyyy')# #timeformat(now(), 'HH:mm:ss')# GMT#gmt#">