Posts Tagged security

Never output anything to a browser without using a formatting filter

Cross-site scripting (XSS) vulnerabilities can be quite a serious problem if you’re not careful. And if you’re using a framework like CFWheels, you need to be extra careful to protect your output from rendering malicious content.

In this post, I recommend always using a formatting function like EncodeForHtml, DateFormat, or NumberFormat when outputting any dynamic value.

Restrict Key CFWheels URL Variables from Google Analytics

Here’s a little tip to keep anyone in your organization using Google Analytics from accidentally reloading your CFWheels application in the wrong environment.
