2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018

03/01/2003: Making ColdFusion Modules More Secure

Making ColdFusion Modules More Secure

While reading an article written by Matt Reider (Macromedia), I noticed the following tidbit that ensures that a CF module is not called directly via a URL.

<!--- security - this template must be called as a custom tag --->
<CFIF NOT isDefined("caller")>
    <CFABORT>
<CFELSE>
    <!---
        make sure caller is a structure´┐Ż otherwise
        they could have passed it in the URL
     --->
    <CFIF NOT isStruct(caller)>
        <CFABORT>
    </CFIF>
</CFIF>


subscribe via RSS