
Adobe
ColdFusion is no more vulnerable than any other server-side language, and it has many options to help you protect your site against SQL attacks. The thing to remember is that neither ColdFusion nor any other language is at fault; it is the way in which the application is coded that causes the issues.
Developers who have spent any significant amount of time building websites quickly realize that security issues are a vital consideration. Malicious users can target your site at any time, forcing you to spend time identifying and fixing the vulnerability that has been exposed. If they made changes to your site, you'll need even more time to restore the site to its original condition, and in the meantime legitimate users' perception of your site may be tarnished irrevocably.
When someone has gained unauthorized access to your site, they can damage it in any number of ways, including:
You can take some basic steps to significantly decrease the chance of your website being altered without your consent. In this article I will explore some tips and tricks that you can use to help protect your websites. Although there are many other aspects of security to understand and steps you can take, this will give you a better understanding of what can be done right now to protect your sites.
Note: The examples used in this article are based on ColdFusion and Microsoft SQL Server. It is important to note that these products are no more vulnerable than any other server-side software. It is the way the application is coded, rather than the underlying technology, that causes most security problems.
In order to make the most of this article, you need the following software and files:
A working knowledge of ColdFusion and database concepts is required.

This work is licensed under a Creative Commons Attribution-Noncommercial 3.0 Unported License.
Ryan Wagener has been coding web applications since 2002 and began using ColdFusion at version 6. He currently works as an Enterprise Developer Support Consultant supporting Flex, FMS, and ColdFusion.