CF Snippets

Lock Down Your App with Application.cfc

There are a few security-related configuration settings in Application.cfc which you should consider enabling by default for every app you make. If you find a setting is too restrictive, you can always turn it off later.

// Application.cfc
component {
  this.name = "myApp";
  // we don't need uploads in this app; why leave a possible open hole?
  this.blockedExtForFileUpload = "*";
  // easy first line of defense against scripts pasted into forms.
  this.scriptProtect = "all";
  // more secure session cookies: not readable from JavaScript, only sent over HTTPS
  this.sessioncookie = {
    httpOnly: true,
    secure  : true
  };
}
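As an added example (not part of the original snippet), here is a fuller Application.cfc that keeps the settings above and adds the pieces that make them effective, including an onRequestStart hook that redirects plain-HTTP requests, since a cookie marked secure is never sent over HTTP and each such request would otherwise start a fresh session. It assumes TLS is terminated at ColdFusion itself so cgi.server_port_secure is reliable (behind a proxy, check the header the proxy sets), that a 30-minute session timeout suits the app, and that the ColdFusion release in use supports the sessioncookie sameSite key; the isSecureRequest helper is a hypothetical name.

```cfml
// Application.cfc (added example; settings other than the three from the
// original snippet are assumptions for this app, not universal defaults)
component {
  this.name              = "myApp";
  this.sessionManagement = true;                        // session cookies only matter if sessions are on
  this.sessionTimeout    = createTimeSpan(0, 0, 30, 0);  // assumption: 30 minutes, not the server default

  this.blockedExtForFileUpload = "*";   // no uploads at all in this app
  this.scriptProtect           = "all"; // coarse filter; still encode output in templates

  this.sessioncookie = {
    httpOnly      : true,     // not readable from JavaScript
    secure        : true,     // only sent over HTTPS
    disableUpdate : true,     // application code cannot overwrite the session cookie
    sameSite      : "strict"  // assumption: needs a CF release with SameSite support
  };

  // With secure=true the browser never sends the session cookie over plain
  // HTTP, so every HTTP request would look like a new visitor. Redirect
  // to HTTPS instead of silently creating throw-away sessions.
  public boolean function onRequestStart(required string targetPage) {
    if ( !isSecureRequest() ) {
      var target = "https://" & cgi.http_host & cgi.script_name;
      if ( len(cgi.query_string) ) {
        target &= "?" & cgi.query_string;
      }
      // permanent redirect, no CFID/CFTOKEN appended to the URL
      location(target, false, 301);
      return false;
    }
    return true;
  }

  // hypothetical helper: cgi.server_port_secure is "1" when the request
  // arrived over TLS at the ColdFusion connector
  private boolean function isSecureRequest() {
    return val(cgi.server_port_secure) == 1;
  }
}
```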