Hack Proofing Your Web Applications

ColdFusion is a Web application language and server that was released by Allaire in 1995. The product has continued to rise in popularity, due largely to the intuitive language structure and user-friendly development environment. ColdFusion is like one-stop Web application shopping both the Web application and server are included within their suite of products. ColdFusion is comprised of two key parts: ColdFusion Studio, which is used to build a site, and ColdFusion Server, which serves the pages to the user. ColdFusion has its own page markup language, called ColdFusion Markup Language (CFML).
In addition to having its own language, ColdFusion offers the additional advantage of scalability. As your Web application grows in size, ColdFusion can grow with you. This feature alone is a strong selling point for many organizations.
ColdFusion also supports extended security in its latest version. Remote Development Services Security is one such enhancement. This feature allows for developers accessing the server resources through ColdFusion Studio to be authenticated before receiving access to protected areas. There is also increased user security. User security is implemented in ColdFusion application pages by the developer; its features offer runtime user authentication and authorization. These features and more are addressed in this chapter.
This chapter also takes a look at the security issues that exist within ColdFusion. Although the documented security issues with ColdFusion may be fewer than are noted with other subjects covered in this book, security holes exist that are worthy of noting. Session Tracking is probably the biggest security...