
Hidden Fields are NOT Secure

Passing data in hidden fields is common practice among ColdFusion developers, as it should be. Sending data back and forth this way lets you embed hidden information that you know you’ll get back when the form is submitted. But be careful. Don’t place confidential information in hidden form fields (a View Source will expose it), and don’t ever assume that a value you placed in a hidden field is the value you’ll get back: it is all too easy to save the page, edit the form, and then submit the edited form. In other words, never edit or delete rows from a table relying on a hidden field as the primary key. (Applies to: ColdFusion All)
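One way to detect an edited hidden field, shown as an added example that is not part of the original tip: the server issues an HMAC tag alongside the row id and recomputes it on submit. It assumes ColdFusion 10 or later (for `hmac()`); the function names, the user and row ids, and the key handling are hypothetical, and the sample values are constructed.

```cfml
<cfscript>
// Added example, not from the original tip. Requires ColdFusion 10+ for hmac().
// All names are hypothetical; sample values are constructed.

// Server-side secret. In a real application, create it once and keep it in a
// server-side scope; it must never be sent to the browser.
secretKey = generateSecretKey("AES");

// The tag binds the row id to the logged-in user, so a tag issued to one user
// cannot be reused by another or moved to a different row.
function signRowId(required string rowId, required string userId, required string key) {
    return hmac(arguments.userId & "|" & arguments.rowId, arguments.key, "HmacSHA256", "utf-8");
}

// Recompute the tag for the submitted id and compare in constant time.
function isRowIdAuthentic(required string rowId, required string tag,
                          required string userId, required string key) {
    if (!isValid("integer", arguments.rowId)) return false;
    var expected = signRowId(arguments.rowId, arguments.userId, arguments.key);
    return createObject("java", "java.security.MessageDigest").isEqual(
        charsetDecode(uCase(expected), "utf-8"),
        charsetDecode(uCase(arguments.tag), "utf-8")
    );
}

// 1. Page render: user 7 is shown row 42; both values go into hidden fields.
issued = { rowId = "42", rowTag = signRowId("42", "7", secretKey) };

// 2. The form comes back unchanged.
writeOutput("unchanged: " & isRowIdAuthentic(issued.rowId, issued.rowTag, "7", secretKey) & "<br>");

// 3. Saved-and-edited page: rowId changed to 43, tag left as issued.
writeOutput("edited id: " & isRowIdAuthentic("43", issued.rowTag, "7", secretKey) & "<br>");

// 4. The same form values submitted under a different login (user 8).
writeOutput("other user: " & isRowIdAuthentic(issued.rowId, issued.rowTag, "8", secretKey) & "<br>");
</cfscript>
```

The tag only detects edits; the row id is still visible in View Source, so confidential values stay out of the form entirely.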
