We are tightening our sites against cross scripting attacks and so forth and used Veracode to scan our source code and it came back with some items to address that are in the CFIDE/scripts directory, such as cfajax.js and ext-all-debug.js to name a few. It did not like the eval() commands in there according to the report.
Has anyone else come cross this and did you do anything to remedy it?
Our code for the most part is fine but CFIDE had a lot of files this scanner listed as severe items vulnerable to attacks so just wondering if anyone else has had to deal with this and how.
We are using CF11 with all the latest updates on a Windows server.
1
Reply
AdChoices