Saturday, March 01, 2003

CodeBit: Making ColdFusion Modules More Secure

While reading an article written by Matt Reider (Macromedia), I noticed the following tidbit that ensures that a CF module is not called directly via a URL.

<!--- security - this template must be called as a custom tag --->
<CFIF NOT isDefined("caller")>
    <CFABORT>
<CFELSE>
    <!--- 
        make sure caller is a structure; otherwise 
        they could have passed it in the URL
     --->
    <CFIF NOT isStruct(caller)>
        <CFABORT>
    </CFIF>
</CFIF>