At CFUN a few weeks back, I gave a presentation (with a bad name - Security) that talked about Bulletproof Websites. This is just a fancy way of describing a web site that cannot, and will not, break if input parameters (URL variables, form fields, cookies) are messed with. How many web sites out there break if you change a simple ?id=5 in the URL to ?id=ray? Way too many.
By the way, I know my sites aren't perfect either. But it seems like people are not even coming close to considering error trapping in their application design. If this is a topic that interests people, I'll blog more on it later. Right now I have to eat or I'll waste away into nothingness. (Well, I'm probably a few dingdongs away from that. ;)
Archived Comments
Hi Raymond:
Will you be posting PowerPoint shows or other notes from that presentation?
Thanks,
Mike
Mike, see the CFUN03 topics page, you can download presentations and sample code there:
http://www.cfconf.org/cfun-...
The PowerPoint there is currently a tiny bit old. Today I will post the most current versions, and will send them off to the CFUN web site as well.
Excellent topic. Bulletproof (& elegant) exception handling wasn't feasible in CF5, so I ignored it a lot. What have you done with MX (from HTTP request open to close)?
sjf