[thelist] CF: Security Question

Frank framar at interlog.com
Sun Jul 28 11:53:01 CDT 2002

Hi all,

Question about security and Cold Fusion. Here are the circumstances:

All directories have an index.cfm that handle  URL/ request.

Protected segmentes are protected using Session vars, run from the
Application file.

Protected subsections have their own security.

All action files, such as inserts, deletes and updates require a number of
specific values to run. (No using IsDefined() here).

Now, how can I prevent someone from accessing a component file of one of my
fuses though a direct URL (who knows how they figure it out, I just want to
handle it in case they do).

Is there a way of preventing access to any document other than index.cfm
from the user while allowing Cold Fusion full access to all it needs?
Especially: Is there a way short of putting some redirect header in each
and every single document that I've created?


This message and any attachment it may have has been found free of viruses
before sending. Viral contagion is on the rise and Microsoft systems are
particularly vulnerable. Our responsibility as good Internet citizens is to
ensure that we prevent transmitting viruses by keeping our own machine
safe.  Please see the following article:


Frank Marion
framar at interlog.com

More information about the thelist mailing list