Given all the security issues around ColdFusion in the past few months I thought it would be good idea to remind ColdFire users about a potential security issue. One of the enhanced features of ColdFire is the ability to dump variables without changing your code. For example, to see the application scope you can just type "application" in the variables tab, reload the page, and there you have your application scope dumped to the ColdFusion Firebug tab. This is a great feature during development but could also be an attack vector if used on a public server. Imagine you were running ColdFire on a public server and storing something like database credentials in the application scope. Depending on the debugging IP addresses configured in the ColdFusion administrator, someone running the ColdFire Firebug extension could come along and dump the application scope and see those credentials. Anyway, this isn't really an issue with ColdFire, it works as intended, just something to be aware of if you use the tool.