Publisher Summary As ColdFusion (CF) has grown into a powerful, rapid-development environment, Macromedia provides developers a set of powerful, far-reaching functionality. However, the power of that functionality has a dark side, that is, is security. ColdFusion allows reading and writing to the file system, reading and writing to the Registry, connect to the Internet protocols— such as file transfer protocol and simple mail transport protocol, and other utilities. However, this open connectivity for legitimate uses can also be corrupted for malicious uses. Macromedia recognizes this danger to a certain extent. It has identified a core set of tags that are so dangerous that they can be disabled from within the ColdFusion Administrator. However, disabling those tags might not be an option for the user, if the legitimate application relies on their functionality. Moreover, there is another set of documented and undocumented tags and functions that are dangerous, but cannot be disabled within the CF administrator.