Railo Application Settings - Script Protect

Tuesday April 21, 2009 8:41 AM
Tags: Railo
Word Count: 167

Yesterday I was having a strange issue trying to create a new blog entry running BlogCFC & Railo. I was trying to create an entry that embedded a .swf file and that code uses the object & embed tags. Every time that I would post the form the tags would be replaced with a invalidTag and this was throwing me off a bit. A little searching and I found out that this was script protect working its magic. This in both ColdFusion & Railo is a server setting that you can overwrite on a per application basis. In my case I just have the one application running so I am going to make the change the admin. If you fire up your web administrator and go to application on the left you will see a script protect setting. This was set to all which protects all scopes. Making the simple change below fixed my issue.

Comments (2)
Print
Send
del.icio.us
Digg It!
1824 Views

Comments

#1 Posted By: JC Posted On: 4/21/09 9:51 AM
Might want to try comments with a few of these before disabling protections, just in case...
http://ha.ckers.org/xss.html
#2 Posted By: Dan Vega Posted On: 4/21/09 9:55 AM |
Author Comment
You are probably right. The problem Is I have one Application component for my entire application and there really is no way to allow it in my admin and not in comments. I will have to come up with a good solution for this.


Post Your Comment

Leave this field empty







Show Captcha

If you subscribe, any new posts to this thread will be sent to your email address.

Copyright © 2007 Dan Vega | BlogCFC was created by Raymond Camden. This blog is running version 5.8.001.