UrlEncoder

Author: Bilal
Last Updated: September 19, 2011 5:05 PM
Version: 1
Views: 17,074
Downloads: 715
License: Apache License, Version 2

Description:

This project shows a sample implementation of URL encoding in combination with URL encryption.
This will assist developers in creating more secure URL inputs while making it simple to transfer complex ColdFusion data with the URL between pages.

The following issues can be mitigated using this component:

Cross Site Scripting via URL: If scripts are injected through URL parameters, this encoder will ensure that no user inputs besides the ones set by CF are accepted.

Insecure Direct Object Reference: By encrypting the object references in the passed URL, the object references are no longer exposed to users and cannot be changed.

Cross Site Request Forgery: By adding an additional reference to the encrypted packages, the URLEncoder helps defend against Cross Site Request Forgery attempts. URLs can expire and are thus no longer usable if forwarded after they have expired.

The URLEncoder allows a very flexible way of transporting data via URL parameters in a secure fashion. It is not restricted to primitive/simple data types. Complex data such as arrays and structures can easily be passed via the URL using this component as well.

Last Update:

example package

Requirements:

CF 7,8,9 or Railo 3.x
You will need to have an active application context, i.e. an application has been defined using an Application.cfc or Application.cfm file.

Issue Tracker:

There are no issues for this project.
