Encrypted URLs
One misconception that we periodically hear is Fusebox’s dependence on URL variables. “Fusebox can’t be secured,” some misinformed developers say. The truth of the matter is that Fusebox might be considered more secure than traditional ColdFusion applications. Sure, we rely on one more variable in the URL string (?fuseaction=circuit.fuseaction), but because of the security code that goes in Application.cfm mentioned in Chapter 3, “The Fusebox Framework,” our applications are less open to malicious users.
Nonetheless, some people are concerned about URL hacking, and Fusebox is just as susceptible to it as any dynamic application that relies on variables, whether variables are passed in a form or on the URL string. Take, for example, ...
Get Fusebox: Developing ColdFusion® Applications now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
