2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2020

03/01/2003: Making ColdFusion Modules More Secure

Making ColdFusion Modules More Secure

While reading an article written by Matt Reider (Macromedia), I noticed the following tidbit that ensures that a CF module is not called directly via a URL.

<!--- security - this template must be called as a custom tag --->
<CFIF NOT isDefined("caller")>
    <CFABORT>
<CFELSE>
    <!---
        make sure caller is a structure� otherwise
        they could have passed it in the URL
     --->
    <CFIF NOT isStruct(caller)>
        <CFABORT>
    </CFIF>
</CFIF>

03/01/2003: How Do I Prevent a Page From Caching in the Browser Using ColdFusion?

How Do I Prevent a Page From Caching in the Browser Using ColdFusion?

The following code should work in most situations. This code is courtesy of Cameron Childress).

<!--- Anti-cache --->
<CFSET gmts = gettimezoneinfo()>
<CFSET gmt = gmts.utcHourOffset>
<CFIF gmt EQ 0>
  <CFSET gmt = "">
<CFELSEIF gmt GT 0>
  <CFSET gmt = "+" & gmt >
</CFIF>

<CFHEADER NAME="Expires" VALUE="Mon, 06 Jan 1990 00:00:01 GMT">
<CFHEADER NAME="Pragma" VALUE="no-cache">
<CFHEADER NAME="cache-control" VALUE="no-cache, must-revalidate">
<CFHEADER NAME="Last-Modified"
  VALUE="#dateformat(now(), 'ddd, dd mmm yyyy')# #timeformat(now(), 'HH:mm:ss')# GMT#gmt#">