This project shows a sample implementation of URL encoding in combination with URL encryption.
This will assist developers in creating more secure URL inputs while making it simple to transfer complex ColdFusion data with the URL between pages.
The following issues can be mitigated using this component:
Cross Site Scripting via URL: If scripts are injected through URL parameters, this encoder will ensure that no user inputs besides the ones set by CF are accepted.
Insecure Direct Object Reference: By encrypting the object references in the passed URL, the object references are no longer exposed to users and cannot be changed.
Cross Site Request Forgery: By adding an additional reference to the encrypted packages, the URLEncoder helps defend against Cross Site Request Forgery attempts. URLs can expire and are thus no longer usable if forwarded after they have expired.
The URLEncoder allows a very flexible way of transporting data via URL parameters in a secure fashion. It is not restricted to primitive/simple data types. Complex data such as arrays and structures can easily be passed via the URL using this component as well.
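The mechanism described above (an encrypted package carrying the data, an expiry and an additional reference) could look like the following in CFML. This is an added example, not the URLEncoder component's own code: the function names, the `application.urlTokenKey` variable and the choice of JSON with AES are assumptions, and it needs CF 8 or later for `serializeJSON`.

```cfml
<cfscript>
// Added illustration; every name here is hypothetical, not the URLEncoder API.
// The AES key stays on the server: one key per application start.
if (NOT structKeyExists(application, "urlTokenKey")) {
    application.urlTokenKey = generateSecretKey("AES");
}

function epochSeconds() {
    return dateDiff("s", createDate(1970, 1, 1), now());
}

// Wrap any CF value (string, array, struct) with an expiry and a binding
// value (assumed here: the session id), then encrypt the whole envelope.
function packUrlData(data, ttlSeconds, bindTo) {
    var envelope = structNew();
    envelope.data = arguments.data;
    envelope.expires = epochSeconds() + arguments.ttlSeconds;
    envelope.bind = arguments.bindTo;
    // Hex output needs no further URL escaping.
    return encrypt(serializeJSON(envelope), application.urlTokenKey, "AES/CBC/PKCS5Padding", "Hex");
}

// Returns a struct: ok (boolean), reason (string), data (only when ok).
function unpackUrlData(token, bindTo) {
    var result = structNew();
    var envelope = "";
    result.ok = false;
    result.reason = "invalid";
    try {
        envelope = deserializeJSON(decrypt(arguments.token, application.urlTokenKey, "AES/CBC/PKCS5Padding", "Hex"));
    } catch (any e) {
        return result; // tampered, truncated or foreign token
    }
    // CBC gives confidentiality only; failing to parse is not an integrity
    // check, so a production version would also put a MAC over the token.
    if (NOT isStruct(envelope) OR NOT structKeyExists(envelope, "data")
        OR NOT structKeyExists(envelope, "expires") OR NOT structKeyExists(envelope, "bind")) return result;
    if (NOT isNumeric(envelope.expires) OR NOT isSimpleValue(envelope.bind)) return result;
    if (envelope.expires LT epochSeconds()) { result.reason = "expired"; return result; }
    if (compare(envelope.bind, arguments.bindTo) NEQ 0) { result.reason = "wrong session"; return result; }
    result.ok = true;
    result.reason = "";
    result.data = envelope.data;
    return result;
}
</cfscript>
```

The receiving page would call `unpackUrlData(url.t, session.sessionid)` and read only `result.data`, ignoring every other URL parameter; `url.t` and the use of `session.sessionid` as the binding value are likewise assumptions.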
CF 7, 8, 9 or Railo 3.x
You will need to have an active application context, i.e. an application has been defined using an Application.cfc or Application.cfm file.
There are no issues for this project.