May 19, 2010 (This post is more than 2 years old.)

Important BlogCFC update - thanks to ProCheckup

Recently the security firm Procheckup performed a security scan on BlogCFC. This was for a customer of theirs but they gladly shared the issues they found. This was rather nice of them so I'd like to thank them. They not only sent me a very detailed list of the issues (XSS issues), but also worked to help me verify they were fixed. Grab the latest bits from RIAForge: http://blogcfc.riaforge.org

Support this Content!

If you like this content, please consider supporting me. You can become a Patron, visit my Amazon wishlist, or buy me a coffee! Any support helps!

Want to get a copy of every new post? Use the form below to sign up for my newsletter.

Archived Comments

Comment 1 by Josh posted on 5/19/2010 at 9:11 PM

Have you ever looked at Portcullis?(http://portcullis.riaforge..... It's a SQL injection and XSS filter. I use it and it seems to work pretty well. Filters all form, url, and cookie variables.

Comment 2 by Raymond Camden posted on 5/19/2010 at 9:27 PM

No, I've not. I tend to prefer to do things more obvious - directly on the page. Of course, it leads to mistakes like those corrected by Procheckup.

Comment 3 by Mavelar posted on 6/12/2010 at 12:43 AM

Hey Raymond, what if I want to update those specific files. I have my blog cfc customized.

Comment 4 by Raymond Camden posted on 6/12/2010 at 12:48 AM

Check the readme.txt file. It always details exactly what files changed in what release.

Support this Content!

Webmentions

Archived Comments