The web browser is the component responsible for what happens to data once it reaches the client; a web server has no control over how the browser handles the response it sends. Transport encryption (SSL/TLS) protects the data while it is in transit, but it does nothing against content that the browser is tricked into executing once the page arrives. So it falls to the ColdFusion developer and administrator to protect the site and its users from this class of attack.
Cross-site scripting (XSS) attacks are now among the most common attacks on web applications. In an XSS attack the attacker injects JavaScript, ActiveX controls, forms or other otherwise-valid HTML into the content that a website serves to other users. XSS is powerful because the browser cannot tell injected markup from the site's own code: it accepts the unvalidated data as part of the page and executes the malicious script with the site's origin and the victim's session.
In terms of code, Adobe recommends the following techniques in your CFML:
Use <cfheader> to declare a character set in HTML output, so the browser does not have to guess the encoding.
Secure Ajax calls with the IsJSON() and VerifyClient() functions, the secureJSON and related secure JSON application properties, and the matching secureJSON tag attribute.
Properly scope all variables, so that an attacker cannot supply a value through an unexpected scope.
Escape and replace special characters and tag content before it is emitted into HTML or JavaScript (for example with the encodeForHTML() and encodeForJavaScript() functions).
Use the scriptProtect setting, described in the next section.
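The following is an added example that puts the five recommendations above together in one small ColdFusion application; it is not code from the original post or from Adobe's documentation. The file names (Application.cfc, comment.cfm, Comments.cfc), the application name "xssDemo", the form field "comment", the remote method "saveComment" and the JSON key "text" are assumptions chosen for illustration.

```cfml
<!--- Application.cfc (assumed file): application-wide XSS settings --->
<cfcomponent output="false">
    <cfset this.name = "xssDemo">

    <!--- scriptProtect: ColdFusion neutralises <script>, <object>, <embed>, <applet> and <meta>
          tags found in the listed scopes ("all" = Form, URL, CGI and Cookie) before your code
          sees them. It is a safety net only: it does not touch event handlers such as onerror,
          so output encoding is still required. --->
    <cfset this.scriptProtect = "all">

    <!--- secureJSON: prefix every JSON response from a remote CFC method so a third-party page
          cannot load it with <script src="..."> and read the data; the prefix makes the body
          invalid JavaScript. A legitimate Ajax client strips the prefix before parsing. --->
    <cfset this.secureJSON = true>
    <cfset this.secureJSONPrefix = "//">
</cfcomponent>


<!--- comment.cfm (assumed file): echo a submitted comment back to the user --->

<!--- 1. Declare the character set explicitly; encoding-sniffing attacks (e.g. UTF-7 payloads)
        rely on the browser guessing when no charset is sent --->
<cfheader name="Content-Type" value="text/html; charset=UTF-8">

<!--- 3. Scope every variable. Reading an unscoped "comment" would let an attacker supply it
        through URL, Form or Cookie, whichever ColdFusion finds first. --->
<cfparam name="form.comment" type="string" default="">

<cfoutput>
  <!--- VULNERABLE (for comparison only): raw user input straight into the page.
        A comment of <img src=x onerror=alert(document.cookie)> passes scriptProtect
        untouched and would run in every viewer's browser:
        <p>#form.comment#</p> --->

  <!--- 4. Encode for the context the data lands in; each context has different special characters --->
  <p>You wrote: #encodeForHTML(form.comment)#</p>
  <input type="text" name="comment" value="#encodeForHTMLAttribute(form.comment)#">
  <script>
    var lastComment = "#encodeForJavaScript(form.comment)#";
  </script>
</cfoutput>


<!--- Comments.cfc (assumed file): remote method called from the page's Ajax code --->
<cfcomponent output="false">
    <!--- 2. verifyClient="true" makes ColdFusion reject requests that lack the security token
          its Ajax library adds (call VerifyClient() yourself for the same check in other code);
          returnFormat="json" together with the application's secureJSON setting yields a
          prefixed JSON body --->
    <cffunction name="saveComment" access="remote" returnFormat="json"
                verifyClient="true" output="false">
        <cfargument name="payload" type="string" required="true">
        <cfset var data = "">

        <!--- Validate that the body really is JSON before deserializing it; IsJSON() rejects
              anything that is not well-formed --->
        <cfif NOT IsJSON(arguments.payload)>
            <cfthrow type="InvalidInput" message="Body is not valid JSON">
        </cfif>
        <cfset data = DeserializeJSON(arguments.payload)>
        <cfif NOT structKeyExists(data, "text")>
            <cfthrow type="InvalidInput" message="Missing 'text' key">
        </cfif>

        <!--- Store the raw text; encoding happens on the way OUT (see comment.cfm), because
              the correct encoding depends on where the value is rendered --->
        <cfreturn { saved = true, length = len(data.text) }>
    </cffunction>
</cfcomponent>
```

The point of the comparison in comment.cfm is that scriptProtect and output encoding are not interchangeable: scriptProtect only rewrites a handful of tag names, while encodeForHTML(), encodeForHTMLAttribute() and encodeForJavaScript() neutralise whatever the browser would treat as markup or script in that particular context.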
Hope you liked this post! Thanks for reading it!