lovewebdev
Inspiring
March 21, 2009
Question

Protecting Application.cfm

  • March 21, 2009
  • 5 replies
  • 828 views
What security measures can we take to protect the Application.cfm file? We usually keep database login and password info obviously and other password info. Is there really nothing else to do except knowing that no one should access the actual file? Thanks!
    This topic has been closed for replies.

    5 replies

    lovewebdev
    Inspiring
    March 27, 2009
    Yes thank you. I guess if I was on a dedicated server I could put all the info directly into the administrator.

    Anyone know of a very affordable dedicated server hosting with CF and sql server?
    Inspiring
    March 23, 2009
    @Dan: password in <cfmail> tag: some mail servers require full
    authentication to send/relay messages, and one must then provide SMTP
    server name, username and password in cfmail tag. Of course, you can set
    this up in CF admin if you are only using ONE mail server for all the
    websites hosted on same CF server...

    @lovewebdev: As you can see, one CAN'T view Application.cfm file in
    their browser. It's a special file that CAN'T be requested directly - it
    is only processed internally by CF before any other page request.

    Azadi Saryev
    Sabai-dee.com
    http://www.sabai-dee.com/
    Inspiring
    March 22, 2009
    You can use the admin page to set up your datasources so you don't need login info in any file.

    Why do you need to put passwords in cfmail tags? I use that tag somewhat frequently and didn't even know there was a password attribute.
    Inspiring
    March 22, 2009
    quote:

    Originally posted by: lovewebdev
    What security measures can we take to protect the Application.cfm file? We usually keep database login and password info obviously and other password info. Is there really nothing else to do except knowing that no one should access the actual file? Thanks!

    Why do you have database login information and other passwords there?
    lovewebdev
    Inspiring
    March 22, 2009
    quote:

    Originally posted by: Dan Bracuk
    Why do you have database login information and other passwords there?



    Well, the login and password must be in the <cfquery> tag on any given page that queries the db. We just put it in an application variable instead of on every single database driven page.

    We do the same for <cfmail>: you need to put the email and the password in the tag, so we use application variables instead to make changes more efficient.

    When you try accessing application.cfm from the browser you get:
    Invalid request of Application.cfm, Application.cfc or OnRequestEnd.cfm file.
    You have requested a page with the name application.cfm. This file name is reserved by the ColdFusion engine for the specification of application level settings and therefore cannot be directly requested from a web client.
    Inspiring
    March 21, 2009
    Have you tried to access your Application.cfm file directly?
    Go ahead and try it.

    Azadi Saryev
    Sabai-dee.com
    http://www.sabai-dee.com/
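
An added example, not written by any poster in this thread: a small Python audit that flags the two patterns discussed above, credentials passed in `<cfquery>`/`<cfmail>` attributes and literal password values set in CFML such as Application.cfm, and reports nothing for a query that relies only on a datasource defined in the ColdFusion Administrator. The function names, variable names and sample CFML are constructed for illustration.

```python
import re

# Opening tags whose credential attributes the thread discusses.
TAG_RE = re.compile(r"<(cfquery|cfmail)\b([^>]*)>", re.I | re.S)
ATTR_RE = re.compile(r"\b(username|password)\s*=\s*(\"[^\"]*\"|'[^']*')", re.I)
# <cfset x.dbpass = "literal">: a secret-looking name given a literal value.
SET_RE = re.compile(
    r"<cfset\s+([\w.]*(?:pass|pwd)\w*)\s*=\s*(\"[^\"#]+\"|'[^'#]+')", re.I)

def line_of(source, offset):
    """1-based line number of a character offset."""
    return source.count("\n", 0, offset) + 1

def audit_cfml(source):
    """Return sorted (line, kind, detail) findings; secret values are never echoed."""
    findings = []
    for tag in TAG_RE.finditer(source):
        for attr in ATTR_RE.finditer(tag.group(2)):
            where = line_of(source, tag.start(2) + attr.start())
            findings.append((where, "tag-credential",
                             f"{tag.group(1).lower()} {attr.group(1).lower()}"))
    for m in SET_RE.finditer(source):
        findings.append((line_of(source, m.start()), "literal-secret", m.group(1)))
    return sorted(findings)

# Constructed sample: an Application.cfm-style fragment plus three tag uses.
SAMPLE = '''<cfset application.dsn = "shop">
<cfset application.dbuser = "webapp">
<cfset application.dbpass = "constructed-secret">
<cfquery name="q" datasource="#application.dsn#"
         username="#application.dbuser#" password="#application.dbpass#">
  SELECT id FROM orders
</cfquery>
<cfmail to="a@example.com" from="b@example.com" subject="hi"
        server="smtp.example.com" username="mailer" password="#application.mailpass#">hello</cfmail>
<cfquery name="q2" datasource="shop">SELECT 1 AS ok</cfquery>
'''

if __name__ == "__main__":
    for line, kind, detail in audit_cfml(SAMPLE):
        print(f"line {line}: {kind}: {detail}")
```

The last `<cfquery>` in the sample, which names only a datasource, is the form that keeps login details out of source files and produces no finding.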