Adobe ColdFusion 8 Web Application Construction Kit, Volume 1: Getting Started by Charlie Arehart, Raymond Camden, Ben Forta

Being Careful with Passed Parameters

When you are dealing with sensitive information, such as account or purchase histories, you need to be more careful when passing parameters from page to page. It’s easy to let yourself feel that your work is done after you force your users to log in. Of course, forcing them to log in is an important step, but your code still needs to check things internally before it exposes sensitive data.

Recognizing the Problem

Here’s a scenario that illustrates a potential vulnerability. After putting together the OrderHistory.cfm template shown in Listing 23.4, you realize that people will need to be able to see the details of each order, such as the individual items purchased. You decide to allow the user to click ...
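The internal check the section calls for, sketched as an added example that is not one of the book's listings: a detail page that only returns an order when it belongs to the logged-in user. The page name `OrderDetail.cfm`, the `shopDSN` datasource, the `Orders` table and its columns, and the `SESSION.auth.contactID` variable are all hypothetical names assumed for illustration.

```cfml
<!--- OrderDetail.cfm: hypothetical page name; added example, not the book's code --->
<!--- Assumption: the login code stored the user's ID in SESSION.auth.contactID --->

<!--- Being logged in is the first gate, not the only one --->
<cfif not isDefined("SESSION.auth.contactID")>
  <cflocation url="login.cfm" addtoken="no">
</cfif>

<!--- The order ID comes from the browser, so treat it as untrusted input --->
<cfparam name="URL.orderID" default="">
<cfif not isValid("integer", URL.orderID)>
  <cfheader statuscode="400" statustext="Bad Request">
  <cfabort>
</cfif>

<!--- Weak form, shown commented out: it trusts the passed ID alone, so any
      logged-in user who changes the number in the URL sees another
      customer's order.
<cfquery name="getOrder" datasource="shopDSN">
  SELECT OrderID, OrderDate, ShipAddress
  FROM Orders
  WHERE OrderID = #URL.orderID#
</cfquery>
--->

<!--- Corrected form: the row must match both the passed ID and the session's
      user, and both values are bound as typed parameters --->
<cfquery name="getOrder" datasource="shopDSN">
  SELECT OrderID, OrderDate, ShipAddress
  FROM Orders
  WHERE OrderID = <cfqueryparam cfsqltype="cf_sql_integer" value="#URL.orderID#">
    AND ContactID = <cfqueryparam cfsqltype="cf_sql_integer" value="#SESSION.auth.contactID#">
</cfquery>

<!--- Same response for "no such order" and "not your order", so the page
      does not confirm which order numbers exist --->
<cfif getOrder.recordCount eq 0>
  <cfheader statuscode="404" statustext="Not Found">
  <cfoutput><p>Order not found.</p></cfoutput>
  <cfabort>
</cfif>

<cfoutput query="getOrder">
  <p>Order number: #getOrder.OrderID#</p>
  <p>Placed: #dateFormat(getOrder.OrderDate, "yyyy-mm-dd")#</p>
  <p>Ship to: #htmlEditFormat(getOrder.ShipAddress)#</p>
</cfoutput>
```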