03/01/2003: Making ColdFusion Modules More Secure
Making ColdFusion Modules More Secure
While reading an article written by Matt Reider (Macromedia), I noticed the following tidbit that ensures that a CF module is not called directly via a URL.
<!--- security - this template must be called as a custom tag ---> <CFIF NOT isDefined("caller")> <CFABORT> <CFELSE> <!--- make sure caller is a structure� otherwise they could have passed it in the URL ---> <CFIF NOT isStruct(caller)> <CFABORT> </CFIF> </CFIF>
subscribe via RSS