We are tightening our sites against cross scripting attacks and so forth and used Veracode to scan our source code and it came back with some items to address that are in the CFIDE/scripts directory, such as cfajax.js and ext-all-debug.js to name a few. It did not like the eval() commands in there according to the report.
Has anyone else come across this and did you do anything to remedy it?
Our code for the most part is fine but CFIDE had a lot of files this scanner listed as severe items vulnerable to attacks so just wondering if anyone else has had to deal with this and how.
We are using CF11 with all the latest updates on a Windows server.
You can configure your web server to block those files if your application does not use them.
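
One way to apply the suggestion above, as an added example that is not part of the original thread: it assumes the Windows server runs IIS with the Request Filtering module, that this `web.config` sits in the site root, and that no page of the application loads anything from `/CFIDE/scripts/`.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, assumes IIS; merge into the site's existing web.config. -->
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <denyUrlSequences>
          <!-- Reject any request whose URL contains this sequence.
               Only safe if the application never loads files from here. -->
          <add sequence="/CFIDE/scripts/" />
          <!-- Narrower alternative if part of the directory is still
               needed: deny only individual flagged files instead of the
               whole directory, e.g.
               <add sequence="ext-all-debug.js" /> -->
        </denyUrlSequences>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
```

After deploying, request one of the flagged files from outside the server and confirm IIS refuses it, then exercise the application's pages to confirm nothing depended on the blocked directory.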