If you use the email alerts in CFFormProtect, and you entered your email server information into the ini file, you need to add cfsilent tags around the content of that file; otherwise it could be exposed if a site user happens to discover the location of your ini file. This is a bonehead mistake on my part. I didn’t think about it, because with BlogCFC output is suppressed unless you have it surrounded by cfoutput tags. I have updated the zip file at the project site, but you don’t need to download that if you just want to add the cfsilent tags yourself. Thanks to Kyle Blanchard for pointing this out.
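To check an existing install for this problem, here is an added example (not part of CFFormProtect or the original post) that reports which settings in a ColdFusion-processed ini file sit outside cfsilent tags and would be returned to anyone requesting the file directly. The `*.ini.cfm` file pattern and the sample key names are assumptions, so adjust them to match your own file.

```python
import re
from pathlib import Path

# Regions that produce no response body when ColdFusion runs the file.
SILENT = re.compile(r"<cfsilent\s*>.*?</cfsilent\s*>", re.I | re.S)
CF_COMMENT = re.compile(r"<!---.*?--->", re.S)


def exposed_keys(text):
    """Return the names of settings a direct request would send back.

    Whatever is left after removing CFML comments and <cfsilent> blocks is
    written to the response. Values are dropped so the report itself never
    repeats a credential. Nested <cfsilent> tags are not handled.
    """
    leftover = SILENT.sub("", CF_COMMENT.sub("", text))
    keys = []
    for line in leftover.splitlines():
        line = line.strip()
        if line:
            keys.append(line.split("=", 1)[0].strip())
    return keys


def audit_tree(webroot, pattern="*.ini.cfm"):  # pattern is an assumption
    """Map each matching file under webroot to its exposed setting names."""
    report = {}
    for path in sorted(Path(webroot).rglob(pattern)):
        keys = exposed_keys(path.read_text(errors="replace"))
        if keys:
            report[str(path)] = keys
    return report


# Constructed samples: section, key names and values are placeholders.
UNWRAPPED = "[mail]\nmailServer=smtp.example.invalid\nmailPassword=PLACEHOLDER\n"
WRAPPED = "<cfsilent>\n" + UNWRAPPED + "</cfsilent>\n"

if __name__ == "__main__":
    print(exposed_keys(UNWRAPPED))
    print(exposed_keys(WRAPPED))
```

An empty result from `audit_tree` means every matching file is fully wrapped; any file it lists still has text outside the tags.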
CFFormProtect security fix
- Post author: yacoubean
- Post published: June 27, 2007