cfurlencrypt


One of the major problems with using any type of URL-based variables in a ColdFusion application is that URL hackers have the opportunity to alter the variables. One solution is to encrypt the URL string so that hackers cannot access the variables. You can see a working example of this technology in a Links application that you can also download from this page.

There are two variables you will need to edit to get this application to work. Both are located in app_locals.cfm:

  • request.Module.WebRoot="/Links/";
  • request.Module.DSN = "Links";

    WebRoot is relative to your server root, so if you're running locally and you have a web address of http://127.0.0.1/Links/, you simply use /Links/

    Establish the included Links.mdb Access database as a datasource and then place the name of the datasource in the request.Module.DSN variable.

    This app is a quick hack job to illustrate using encrypted URL variables as an advanced security technique. All Parent/Category IDs and Link IDs are totally encrypted in the URL using the undocumented ColdFusion functions cfusion_encrypt and cfusion_decrypt. You'll notice that even when editing a Category or Link, you can view source and will not find any ID numbers for a hacker to focus on.

    One of the main problems non-Fusebox professionals have with Fusebox is security because everything is converted to the attributes scope. This method does not use FormURL2Attributes for this reason.
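
    The round trip described above, as an added example that is not code from the cfurlencrypt project: an ID is encrypted when the link is written, then decrypted from the url scope and validated before it reaches the database. The names request.Module.UrlKey, url.lid, the editLink fuseaction, and the Links table and its columns are assumptions made for illustration.

```cfml
<!--- Added example, not project code. Assumed names: request.Module.UrlKey,
      url.lid, fuseaction=editLink, and the Links table with its columns. --->

<!--- Assumed to be set once next to the other app_locals.cfm settings;
      the key stays on the server and is never written into a page. --->
<cfset request.Module.UrlKey = "replace-with-a-long-random-secret">

<!--- Template that renders the link: encrypt the ID before output. --->
<cfset linkID = 42> <!--- constructed sample value --->
<cfset encID = cfusion_encrypt(linkID, request.Module.UrlKey)>
<cfoutput>
  <a href="#request.Module.WebRoot#index.cfm?fuseaction=editLink&amp;lid=#URLEncodedFormat(encID)#">Edit</a>
</cfoutput>

<!--- Template that receives the request: read the url scope directly
      (no FormURL2Attributes), decrypt, and treat any failure as empty. --->
<cfparam name="url.lid" default="">
<cfset plainID = "">
<cftry>
  <cfset plainID = cfusion_decrypt(url.lid, request.Module.UrlKey)>
  <cfcatch type="any">
    <cfset plainID = "">
  </cfcatch>
</cftry>

<!--- An altered value decrypts to garbage or throws, so reject anything
      that is not a short run of digits and stop the request. --->
<cfif NOT REFind("^[0-9]{1,9}$", plainID)>
  <cfheader statuscode="400" statustext="Bad Request">
  <cfabort>
</cfif>

<!--- Bind the decrypted ID as a typed parameter, never as raw SQL text. --->
<cfquery name="getLink" datasource="#request.Module.DSN#">
  SELECT LinkID, Title, URL
  FROM Links
  WHERE LinkID = <cfqueryparam value="#plainID#" cfsqltype="cf_sql_integer">
</cfquery>
```

    The two halves belong in separate templates in a real application; they are shown together here so the encrypt and decrypt calls can be read side by side.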

    Take a look at the Project Page


    File
    CVSROOT/
    cfurlencrypt/