Adobe 38043740 - ColdFusion Standard - Mac Manual page 60

Server lockdown guide

Setting: Enable Global Script Protection
Default: Unchecked
Recommendation: Understand limitations, Checked
Description: This setting provides very limited protection against certain Cross Site Scripting attack vectors. It is important to understand that enabling this setting does not protect your site from all possible Cross Site Scripting attacks. When this setting is turned on it uses a regular expression defined in the file neo-security.xml to replace input variables containing following tags: object, embed, script, applet, meta with InvalidTag. This setting does not restrict any javascript strings that may be injected and executed, iframe tags, or any XSS obfuscation techniques. See Appendix A.13 for more information on XSS attack vectors.

Setting: Default ScriptSrc Directory
Default: /CFIDE/scripts/
Recommendation: /somewhere-else/
Description: Because the scripts directory also contains CFML source code (such as FCKeditor), you should move this directory to a non-default location.
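
The limits of Global Script Protection described above can be checked with a small model of the filter. This is an added example, not code from the guide or from ColdFusion: the regular expression, its case-insensitivity and the sample inputs are assumptions built from the guide's description of the neo-security.xml rule, and the function names are hypothetical. It compares what the tag filter changes with what output encoding does to the same input.

```python
import html
import re

# Assumption: pattern and replacement modeled on the guide's description of the
# neo-security.xml rule (the five listed tags are rewritten to InvalidTag).
BLOCKED_TAGS = re.compile(r"<\s*(object|embed|script|applet|meta)", re.IGNORECASE)


def script_protect(value: str) -> str:
    """Model of Global Script Protection: rename the five listed tags."""
    return BLOCKED_TAGS.sub("<InvalidTag", value)


def render_safely(value: str) -> str:
    """Defence for the HTML body context: encode on output instead of filtering."""
    return html.escape(value, quote=True)


# Constructed sample inputs, one per case the guide names.
SAMPLES = {
    "script tag": "<script>alert(1)</script>",
    "iframe tag": '<iframe src="https://example.invalid/"></iframe>',
    "javascript string": "javascript:alert(1)",
    "plain text": "Hello, world",
}


def audit(samples: dict) -> dict:
    """Per sample: the filtered value, whether the filter changed it, and the encoded form."""
    report = {}
    for name, raw in samples.items():
        filtered = script_protect(raw)
        report[name] = {
            "filtered": filtered,
            "changed_by_filter": filtered != raw,
            "encoded": render_safely(raw),
        }
    return report


if __name__ == "__main__":
    for name, row in audit(SAMPLES).items():
        print(f"{name:18} changed={row['changed_by_filter']!s:5} "
              f"filtered={row['filtered']!r} encoded={row['encoded']!r}")
```

Only the script sample is altered by the filter; the iframe and the javascript string pass through unchanged, which is why output encoding matched to the output context is still needed with the setting checked.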
This manual is also suitable for:

Coldfusion 10
