Table of Contents
Advertisement
Attribute
setDomainCookies
scriptProtect
Usage
This tag is typically used in the Application.cfm file, to set defaults for a ColdFusion application.
Note: You can also set the application defaults in the Application.cfc file. For more information, see
"Application variables" on page
This tag enables application variables, unless they are disabled in the ColdFusion Administrator.
The Administrator setting also overrides the
information, see Configuring and Administering ColdFusion MX.
If ColdFusion is running on a cluster, you must specify
source name; you cannot specify
ColdFusion generates an error if the application name is longer than 64 characters.
The CFTOKEN variable is 8 bytes in length. Its range is 10000000 —99999999.
Note: If you specify
are not saved in the Client browser.
Protecting variables from cross-site scripting attacks
The
ScriptProtect
scripting attacks, where a client attempts to get your application to send malicious code back to a
user's browser. In these attacks, user input (for example, from form fields or from URL variables)
sets a CF variable which is destined for user output. The submitted data includes malicious code,
such as JavaScript or an applet or object reference, which then executes on the user's system.
Note: The ColdFusion MX Administrator Settings page Enable Global Script Protection option
determines the default script protection setting. You can use the
the Administrator setting. You can also use the Application.cfc initialization code to set the protection
value.
42
Chapter 2: ColdFusion Tags
Req/Opt
Default
Optional
no
Optional
Determined by
ColdFusion MX
Administrator
Enable Global
Script
Protection
setting
945.
"registry"
ClientStorage=cookie
attribute lets you protect one or more variable scopes from cross-site
Description
• yes: uses domain cookies for CFID and
CFTOKEN cookies and for all Client
variables when using cookies for client
variable storage. Required for applications
running on clusters.
• no: uses host-specific cookies for CFID,
CFTOKEN, and all client variable cookies.
Specifies whether to protect variables from
cross-site scripting attacks
• none: do not protect variables
• all: protect Form, URL, CGI, and Cookie
variables
• comma-delimited list of ColdFusion scopes:
Protect variables in the specified scopes.
For more information, see Usage.
sessionManagement
clientStorage = "cookie"
.
, any Client scope variables set following a cfflush tag
scriptProtect
attribute. For more
or a data
attribute to override
Advertisement
Chapters
Table of Contents
Related Manuals for MACROMEDIA COLFUSION MX 7-CFML
Related Products for MACROMEDIA COLFUSION MX 7-CFML
- MACROMEDIA COLDFUSION MX 61 - CONFIGURING AND ADMINISTERING COLDFUSION MX
- MACROMEDIA FLASH MX 2004 - FLASH LITE AUTHORING GUIDELINES FOR THE I-MODE SERVICE
- MACROMEDIA FLASH MX 2004 - ACTIONSCRIPT
- MACROMEDIA FREEHAND MX 11
- MACROMEDIA COLFUSION MX 7-MIGRATING APPLICATIONS TO COLDFUSION MX 7
- MACROMEDIA COLFUSION MX 7-GETTING STARTED BUILDING COLDFUSION MX
- MACROMEDIA 38000382 - Macromedia JRun - Mac
- MACROMEDIA 38028779 - Macromedia Dreamweaver - Mac