ColdBox Security Module
ColdBox Security Module
Introduction
Intro
Release History
What's New With 2.5.0
What's New With 2.4.0
What's New With 2.3.0
What's New With 2.2.0
What's New With 2.1.0
What's New With 2.0.0
About This Book
Author
Getting Started
Installation
Overview
Configuration
Usage
Authentication Services
Security Rules
Security Annotations
Secured URL
Interceptions
cbSecurity Model
Cross Site Request Forgery
Security Validators
CBAuth Validator
CFML Security Validator
Custom Validator
JWT
JWT Services
JWT Validator
Token Storage
Interceptions
External links
Source code
Issue Tracker
cbauth
cbcsrf
JWT CFML
Powered by GitBook

What's New With 2.4.0

This release adds the inclusion of the Cross Site Request Forgery module into cbsecurity: cbcsrf. You can find all the details about this module here: https://github.com/coldbox-modules/cbcsrf. Below are the major features of this module:

Features

  • Ability to generate security tokens based on your session

  • Automatic token rotation when leveraging cbauth login and logout operations

  • Ability to on-demand rotate all security tokens for specific users

  • Leverages cbStorages to store your tokens in CacheBox, which can be easily distributed and clustered

  • Ability to create multiple tokens via unique reference keys

  • Auto-verification interceptor that will verify all non-GET operations to ensure a security token is passed via rc or headers

  • Auto-sensing of integration testing so the verifier can allow testing calls

  • Token automatic rotation on specific time periods for enhance security

  • Helpers to automatically generate hidden fields for the token

  • Automatic generation endpoint that can be used for Ajax applications to request tokens for users

Previous
What's New With 2.5.0
Next
What's New With 2.3.0
Last updated 7 months ago
Edit on GitHub