[Tip of the Week] Securing Your Application's reinit

One of the first things you learn with ColdBox is how to add ?fwreinit=1 to the end of your URL to force a reload of the entire application. This is required to pick up new settings, etc. Many of you probably leave the reinit password at its default of “1”. While that’s fine for your development and testing servers, it’s not recommended on production. Reinitializing your application can potentially be an intensive operation, and you don’t want someone out there having the ability to screw around with your app.

Adding a little piece of mind is easy. All you need to do is add a “ReinitPassword” setting in your config.

coldbox = {
reinitPassword = ‘passw0rd’
};

With that in place, you can now reinit the app like so:

http://www.yoursite.com?fwreinit=passw0rd

Remember, for the new password to take affect, you have to reinit the site one last time with the old password (which is cached in memory).

There you go! You can sleep a little better at night knowing random people can’t reinitialize your servers.

More info here: http://wiki.coldbox.org/wiki/ConfigurationCFC.cfm#Development_Settings

P.S. Do you only want the password on your production servers? Easy-- just use the environment control I talked about last week. Set up the production password in your main configure() method. Then in your development or stage override methods, set coldbox.ReinitPassword back to an empty string.

Thanks!

~Brad

ColdBox Platform Evangelist
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com