[thelist] CF: Security Question

Matt Liotta mliotta at r337.com
Sun Jul 28 14:36:00 CDT 2002

Only leave the index.cfm scripts in web accessible directories. Move all
your other scripts into inaccessible directories. Remember, <cfinclude>
can include a file that isn't web accessible.

Matt Liotta
President & CEO
Montara Software, Inc.
V: 415-577-8070
F: 415-341-8906
P: 4155778070 at messaging.sprintpcs.com

> -----Original Message-----
> From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]
> On Behalf Of Frank
> Sent: Sunday, July 28, 2002 9:50 AM
> To: thelist at lists.evolt.org
> Subject: [thelist] CF: Security Question
> Hi all,
> Question about security and Cold Fusion. Here are the circumstances:
> All directories have an index.cfm that handle  URL/ request.
> Protected segmentes are protected using Session vars, run from the
> Application file.
> Protected subsections have their own security.
> All action files, such as inserts, deletes and updates require a
number of
> specific values to run. (No using IsDefined() here).
> Now, how can I prevent someone from accessing a component file of one
> my
> fuses though a direct URL (who knows how they figure it out, I just
> to
> handle it in case they do).
> Is there a way of preventing access to any document other than
> from the user while allowing Cold Fusion full access to all it needs?
> Especially: Is there a way short of putting some redirect header in
> and every single document that I've created?
> Thanks
> --
> This message and any attachment it may have has been found free of
> before sending. Viral contagion is on the rise and Microsoft systems
> particularly vulnerable. Our responsibility as good Internet citizens
> to
> ensure that we prevent transmitting viruses by keeping our own machine
> safe.  Please see the following article:
> http://www.frankmarion.com/VirusPrimer.html
> Frank Marion
> framar at interlog.com
> --
> For unsubscribe and other options, including
> the Tip Harvester and archive of thelist go to:
> http://lists.evolt.org Workers of the Web, evolt !

More information about the thelist mailing list