Finally, a framework for the rest of us!

CFWheels is an open source CFML (ColdFusion Markup Language) framework inspired by Ruby on Rails that provides fast application development, a great organization system for your code, and is just plain fun to use.

One of our biggest goals is for you to be able to get up and running with CFWheels quickly. We want for you to be able to learn it as rapidly as it is to write applications with it.

Get Started    

Obfuscating URLs

Hide your primary key values from nosy users.

Check

Is this still correct in 1.3x onwards?

The Wheels convention of using an auto-incrementing integer value as the primary key in your database tables will lead to a lot of URLs on your website exposing this value. Using the built-in URL obfuscation functionality in Wheels, you can hide this value from nosy users.

What URL Obfuscation Does

When URL obfuscation is turned off (which is the default setting in Wheels), this is how a lot of your URLs will end up looking:

http://localhost/user/profile/99

Here, 99 is the primary key value of a record in your users table.

After enabling URL obfuscation, this is how those URLs will look instead:

http://localhost/user/profile/b7ab9a50

The value 99 has now been obfuscated by Wheels to b7ab9a50. This makes it harder for nosy users to substitute the value to see how many records are in your users table, to name just one example.

How to Use It

To turn on URL obfuscation, all you have to do is call set(obfuscateURLs=true) in the config/settings.cfm file.

Once you do that, Wheels will handle everything else. Obviously, the main things Wheels does is obfuscate the primary key value when using the linkTo() function and deobfuscate it on the receiving end. Wheels will also obfuscate all other params sent in to linkTo() as well as any value in a form sent using a get request.

In some circumstances, you will need to obfuscate and deobfuscate values yourself if you link to pages without using the linkTo() function, for example. In these cases, you can use the obfuscateParam() and deObfuscateParam() functions to do the job for you.

Is This Really Secure?

No, this is not meant to add a high level of security to your application. It just obfuscates the values, making casual observation harder. It does not encrypt values, so keep that in mind when using this approach.

Obfuscating URLs

Hide your primary key values from nosy users.