Please send comments/questions to michael@teratech.com
ColdFusion Code Security
Speaker Information
Introduction
ColdFusion Security
Not covered in this talk
Error handling
Error handling code
Form Validation
Why is validation important?
Underscore Validation
CFFORM Validation
JavaScript Validation
CF Validation
Authentication
Fake form submits
Fake URLs
Fake cookies
Page Validation
CFQUERYPARAM
Protect CFINCLUDE and CFMODULE files
Code to protect CFINCLUDE files
Code Defensively
Datasource password
Input massaging
CFCONTENT
Logins
Members Only
Session, client and cookies
Timeouts
Session Tracking
Session hang over
Remember Me
Back button hacking
Encryption
Hashing passwords
Refresh Issues
Resources
What Security Means
Next Steps