Important BlogCFC update - thanks to ProCheckup


Recently the security firm ProCheckup performed a security scan on BlogCFC. This was for a customer of theirs, but they gladly shared the issues they found. This was rather nice of them, so I'd like to thank them. They not only sent me a very detailed list of the issues (XSS issues), but also worked with me to help verify they were fixed. Grab the latest bits from RIAForge: http://blogcfc.riaforge.org


About Raymond Camden

Raymond is a senior developer evangelist for Adobe. He focuses on document services, JavaScript, and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support. You can even buy me a coffee!

Lafayette, LA https://www.raymondcamden.com

Archived Comments

Comment 1 by Josh posted on 5/19/2010 at 9:11 PM

Have you ever looked at Portcullis? (http://portcullis.riaforge.....) It's a SQL injection and XSS filter. I use it and it seems to work pretty well. It filters all form, url, and cookie variables.

Comment 2 by Raymond Camden posted on 5/19/2010 at 9:27 PM

No, I've not. I tend to prefer to do things more obviously - directly on the page. Of course, it leads to mistakes like those corrected by ProCheckup.
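The two approaches in the comments above, a global filter over form/url/cookie variables versus encoding on the page, differ in where the XSS defence lives. The following is an added CFML example, not code from BlogCFC or from Portcullis, showing the "on the page" approach: untrusted values are encoded for the specific HTML context they land in at the point of output. The `comment` struct, its `name`/`url` keys and the `url.search` parameter are hypothetical, and the sample values are constructed to stand in for stored and request data.

```cfml
<!--- Added example (not BlogCFC's own code). The comment struct, its keys,
      and the url.search parameter are assumptions for illustration. --->
<cfscript>
// Constructed sample values standing in for a stored comment and a request parameter
comment = { name = "Josh <script>alert('x')</script>", url = "javascript:alert('x')" };
url.search = "cats"" onmouseover=""alert('x')";
</cfscript>

<!--- Unsafe pattern (kept commented out): values echoed straight into HTML.
      Each line is a different injection context, which is why one global
      filter rarely fits all of them. --->
<!---
<h3>#comment.name#</h3>
<input name="search" value="#url.search#">
<a href="#comment.url#">site</a>
<script>var q = "#url.search#";</script>
--->

<!--- Hardened pattern: encode per output context (ColdFusion 10+ functions) --->
<cfoutput>
  <!--- HTML body context: < > & " are rendered as literal characters --->
  <h3>#encodeForHTML(comment.name)#</h3>

  <!--- Attribute context: the stray quote cannot close the attribute --->
  <input name="search" value="#encodeForHTMLAttribute(url.search)#">

  <!--- URL context: encoding alone does not neutralise a javascript: scheme,
        so restrict the scheme before emitting the link at all --->
  <cfif reFindNoCase("^https?://", comment.url)>
    <a href="#encodeForHTMLAttribute(comment.url)#">site</a>
  </cfif>

  <!--- JavaScript string context: quotes and tags are escaped for JS --->
  <script>var q = "#encodeForJavaScript(url.search)#";</script>
</cfoutput>
```

On the ColdFusion 8/9 releases current when this post was written, `htmlEditFormat()` was the available function; it escapes `<`, `>`, `&` and `"` and so covers the HTML body and quoted-attribute contexts, but not the URL or JavaScript contexts, which is where the per-context `encodeFor*()` family is the safer choice.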

Comment 3 by Mavelar posted on 6/12/2010 at 12:43 AM

Hey Raymond, what if I want to update only those specific files? I have my BlogCFC customized.

Comment 4 by Raymond Camden posted on 6/12/2010 at 12:48 AM

Check the readme.txt file. It always details exactly what files changed in what release.