Being Careful with Passed Parameters
When you are dealing with sensitive information, such as account or purchase histories, you need to be more careful when passing parameters from page to page. It’s easy to let yourself feel that your work is done after you force your users to log in. Of course, forcing them to log in is an important step, but your code still needs to check things internally before it exposes sensitive data.
Recognizing the Problem
Here’s a scenario that illustrates a potential vulnerability. After putting together the OrderHistory.cfm template shown in Listing 23.4, you realize that people will need to be able to see the details of each order, such as the individual items purchased. You decide to allow the user to click ...
Get Adobe ColdFusion 8 Web Application Construction Kit, Volume 1: Getting Started now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.