ColdFusion Security

Posted by Andrew on Stack Overflow See other posts from Stack Overflow or by Andrew
Published on 2010-03-18T17:54:49Z Indexed on 2010/03/18 18:11 UTC
Read the original article Hit count: 305

Filed under:

coldfusion

|

sql-injection

|

security

What are the best practices for securing a coldfusion webpage from malicious users? (including, but not limited to, sql injection attacks)

Is cfqueryparam enough?

© Stack Overflow or respective owner

Related posts about coldfusion

Coldfusion autorestart

as seen on Server Fault - Search for 'Server Fault'
Coldfusion is automatically restarting, a lot. It comes in waves, everything seems fine for a while then the server struggles for a few minutes, restarts a lot then settles down again. I have Fusion Reactor installed, but when CF goes down FR stops logging so it's not really helping. Looking through… >>> More
How do I change ColdFusion Help to show ColdFusion 8 Documentation, instead of ColdFusion 9 Document

as seen on Stack Overflow - Search for 'Stack Overflow'
I love ColdFusion Builder. But I don't like that the help only has CF9 Documentation. Is there any way to change this to have ColdFusion 8 Documenation? >>> More
Moving from ColdFusion 8 to ColdFusion 10 - Migration Fails

as seen on Server Fault - Search for 'Server Fault'
After having made several attempts to migrate from a ColdFusion 8 Standard server to a ColdFusion 10 Standard server, it feels like I am "almost" there. I'm using the 64 bit installer from Adobe's website. I'm using a Windows Server 2008 (64 bit) server with IIS 7.0. The installation itself goes… >>> More
Unauthorized Sharepoint WSDL from Coldfusion 8

as seen on Stack Overflow - Search for 'Stack Overflow'
How do I solve the error: Unable to read WSDL from URL: https://workflowtest.site.edu/_vti_bin/Lists.asmx?WSDL. Error: 401 Unauthorized. I can successfully view the WSDL from the browser using the same user account. I'm not sure which authentication is being used (Basic or Integrated). How… >>> More
ColdFusion Server crash after thousands of HTTP requests

as seen on Server Fault - Search for 'Server Fault'
We are running ColdFusion 8 on a windows server 2003 VPS with an API that exposes student records to a partner API through a connector. Our API returns around 50k student records serialized in XML format pretty seamlessly. My question originates when something very frightening happened today when… >>> More

Related posts about sql-injection

Is this query vulnerable to sql injection?

as seen on Stack Overflow - Search for 'Stack Overflow'
$myq = sprintf("select user from table where user='%s'", $_POST["user"]); I would like to know if the above query can be exploited using SQL injection. Is there any advanced SQL injection technique that could break sprintf for this particular query? >>> More
10 Ways to Prevent or Mitigate SQL Injection Attacks

as seen on Internet.com - Search for 'Internet.com'
SQL injection attacks could allow hackers to compromise your network, access and destroy your data, and take control of your machines. >>> More
10 Ways to Prevent or Mitigate SQL Injection Attacks

as seen on Internet.com - Search for 'Internet.com'
SQL injection attacks could allow hackers to compromise your network, access and destroy your data, and take control of your machines. >>> More
Database Activity Monitoring Part 2 - SQL Injection Attacks

as seen on SQL Server Central - Search for 'SQL Server Central'
If you think through the web sites you visit on a daily basis the chances are that you will need to login to verify who you are. In most cases your username would be stored in a relational database along with all the other registered users on that web site. Hopefully your password will be encrypted… >>> More
SQL Server SQL Injection from start to end

as seen on SQL Team - Search for 'SQL Team'
SQL injection is a method by which a hacker gains access to the database server by injecting specially formatted data through the user interface input fields. In the last few years we have witnessed a huge increase in the number of reported SQL injection attacks, many of which caused a great deal… >>> More