[thelist] CF: Security Question

Matt Liotta mliotta at r337.com
Sun Jul 28 14:36:00 CDT 2002


Only leave the index.cfm scripts in web accessible directories. Move all
your other scripts into inaccessible directories. Remember, <cfinclude>
can include a file that isn't web accessible.

Matt Liotta
President & CEO
Montara Software, Inc.
http://www.montarasoftware.com/
V: 415-577-8070
F: 415-341-8906
P: 4155778070 at messaging.sprintpcs.com

> -----Original Message-----
> From: thelist-admin at lists.evolt.org [mailto:thelist-admin at lists.evolt.org]
> On Behalf Of Frank
> Sent: Sunday, July 28, 2002 9:50 AM
> To: thelist at lists.evolt.org
> Subject: [thelist] CF: Security Question
>
>
> Hi all,
>
> Question about security and Cold Fusion. Here are the circumstances:
>
> All directories have an index.cfm that handles URL/ request.
>
> Protected segments are protected using Session vars, run from the
> Application file.
>
> Protected subsections have their own security.
>
> All action files, such as inserts, deletes and updates require a number of
> specific values to run. (No using IsDefined() here).
>
> Now, how can I prevent someone from accessing a component file of one of my
> fuses through a direct URL (who knows how they figure it out, I just want to
> handle it in case they do).
>
> Is there a way of preventing access to any document other than index.cfm
> from the user while allowing Cold Fusion full access to all it needs?
> Especially: Is there a way short of putting some redirect header in each
> and every single document that I've created?
>
> Thanks
>
>
>
>
> --
> This message and any attachment it may have has been found free of viruses
> before sending. Viral contagion is on the rise and Microsoft systems are
> particularly vulnerable. Our responsibility as good Internet citizens is to
> ensure that we prevent transmitting viruses by keeping our own machine
> safe.  Please see the following article:
>
> http://www.frankmarion.com/VirusPrimer.html
>
> Frank Marion
> framar at interlog.com
>
>
>
> --
> For unsubscribe and other options, including
> the Tip Harvester and archive of thelist go to:
> http://lists.evolt.org Workers of the Web, evolt !
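
A sketch of the layout described in the reply above, added here as an example and not code from either poster. The directory paths, the fuseaction parameter name and the template file names are assumptions; only index.cfm sits in the document root, and it includes templates from a directory the web server does not serve.

```cfml
<!---
  index.cfm: the only template inside the document root.
  Assumed layout (hypothetical paths):
    /srv/app/wwwroot/index.cfm        served by the web server
    /srv/app/private/fuses/*.cfm      outside the document root
--->
<cfparam name="url.fuseaction" default="home">

<!--- Allowlist: request value -> template file. File names are hypothetical. --->
<cfset allowedFuses = structNew()>
<cfset allowedFuses["home"]   = "dsp_home.cfm">
<cfset allowedFuses["insert"] = "act_insert.cfm">
<cfset allowedFuses["update"] = "act_update.cfm">
<cfset allowedFuses["delete"] = "act_delete.cfm">

<!--- Anything not in the allowlist is rejected before any include runs. --->
<cfif NOT structKeyExists(allowedFuses, url.fuseaction)>
  <cfheader statuscode="404" statustext="Not Found">
  <cfoutput>Not found.</cfoutput>
  <cfabort>
</cfif>

<!---
  The include path is built from the allowlist value, never from the raw
  request parameter. It is resolved on the file system relative to this
  template, so it can point above the document root, where a direct URL
  request cannot reach the file.
--->
<cfinclude template="../private/fuses/#allowedFuses[url.fuseaction]#">
```

A ColdFusion mapping that points at the private directory can be used in the template attribute in place of the relative ../ path.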



