SQL Injection and CFQUERYPARAM

Attacks using SQL injection are not new, and any website that passes parameters into an SQL string and runs it on the fly can be vulnerable to this type of attack. Recently, however, these attacks have been on the increase within the ColdFusion community.

If you don't know what SQL injection is: basically, an SQL injection attack happens when someone (or some program) tries to add, delete or change data in your online database by altering the query string values passed in a URL or form.

[More]


HTTP to HTTPS redirect

In some of my applications I only want the user to connect over Secure Sockets Layer (SSL). I have already installed my SSL certificate and need to know how to force any traffic that is not on SSL onto SSL.

An example of when you may want to do this could be when a user on your site is entering sensitive information such as credit card details.

It's not good to rely on the fact that you have sent them to an https page via a POST; your user could change the URL or get to your page in a different way. You should always check that they are actually on SSL.

Note: The example below will depend on the particular CGI variables available on your own server.

[More]


Longer Session Tokens

Like most of my web applications, I use sessions at some point to store information such as login details. I do this by utilizing session tokens so that the server can identify who is who. However, if you have ever looked at the default session ID you may have noticed it is relatively easy to guess. If you're using the ColdFusion default session management, it's made up of the application name, CFID and CFTOKEN. This creates a unique session ID, but apart from the application name it consists only of numbers, not letters or any special characters.

[More]


About Me

Glyn Jackson, 26 years old, MD and youngest member of a web development firm based in Staffordshire called Newebia Ltd. Academic background in BSc Information Systems & Internet Commerce. Online marketing expert (EE Ranked) and .NET developer. Has been using ColdFusion for just 3 years but loves it. "I am not a veteran in ColdFusion, but I do work on challenging projects which help me learn more about ColdFusion, and if I can contribute to the community in any way then it's all good!"

Recommends

  • ColdFusion