Yeah, sounds to me like maybe a user who needs some additional training... Which was my first instinct, having the feeling that you were pretty well on top of the whole SQL injection issue to begin with...
Either that or they handed their login info out to somebody else... But I figured I'd give some technical advice just in case.

> Thanks Isaac and Taco,
> I use CFQUERYPARAM extensively, although some older code may not have it, but
> I've been using Val(mynum) for a long time to protect against this kind of thing.
> I will scan the web server logs and see what I can find. I get emailed whenever
> ANY errors occur on the site, and you would think that it would be difficult
> for a SQL Injection attack to be successful without a couple of attempts
> generating errors first.
> Strange...
> Brook
>
> At 07:31 PM 7/5/2003 -0500, S. Isaac Dealey wrote:
>> > I have an application where a couple of records have "mysteriously" been
>> > deleted. The user the records belong to (and who has exclusive access to
>> > the records) says they did not delete the records (via the CF webapp). I
>> > am a bit concerned that someone may have maliciously deleted the records.
>> > No one has physical access to the DB server.
>>
>> > Is there any way to track delete requests at the SQL Server level? Or any
>> > other precautions I might take?
>>
>> > Brook
>>
>> You could place a trigger on the table in question which inserts into an
>> alternate table the record id and time, and that will tell you at the SQL
>> Server level _when_ the deletion occurs. Although unless you're also
>> tracking login and logout times there's no way of knowing if that user is
>> logged in when it happens... also, ask the user to change their password
>> to be sure nobody else may somehow have their password... although if
>> somebody knows how to hack the db to get it, then this won't help
>> either... if you'd like me to make more specific suggestions about the CF
>> code on the basis that the deletion might be possible via a sql insertion
>> attack, you can forward me any code you'd like me to examine specifically
>> off-list.
>> The only queries that should be dangerous in this respect are those where a
>> variable is used within the cfquery tags, but not within a quoted variable
>> or cfqueryparam value. So if you have a numeric value, i.e.
>> "SELECT * FROM mytable WHERE ID = #myintegerid#", or where there's a
>> pregenerated sql snippet, i.e. "WHERE #mywhereclause#", these are potential
>> targets for sql insertion attacks.
>>
>> hth
>>
>> s. isaac dealey

s. isaac dealey 972-490-6624
new epoch http://www.turnkey.to
lead architect, tapestry cms http://products.turnkey.to
tapestry api is opensource http://www.turnkey.to/tapi
certified advanced coldfusion 5 developer
http://www.macromedia.com/v1/handlers/index.cfm?ID=21816

Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
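The following is an added example, not code from this thread or from either poster. It reproduces both suggestions above against an in-memory SQLite database: the AFTER DELETE audit trigger Isaac proposes, and the difference between a raw numeric variable dropped into a WHERE clause (the `WHERE ID = #myintegerid#` pattern), Brook's `Val()` coercion, and a bound parameter as `cfqueryparam` would send. Assumptions: SQLite trigger syntax (SQL Server's `CREATE TRIGGER` differs), invented table and column names, constructed sample rows, and a hypothetical `val_like()` that imitates only the integer behaviour of ColdFusion's `Val()`. Note that the payload used is syntactically valid SQL, so the database raises no error while deleting every row, including another user's.

```python
# Added example (not from the CF-Talk thread): delete-audit trigger plus
# vulnerable / Val()-coerced / parameter-bound delete, on in-memory SQLite.
# Assumptions: SQLite trigger syntax (not SQL Server's), invented schema,
# constructed sample rows, and a hypothetical val_like() imitating Val().
import re
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Create the records table, the audit table and the delete trigger."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE records (
            id    INTEGER PRIMARY KEY,
            owner TEXT NOT NULL,
            body  TEXT NOT NULL
        );
        -- Audit table written only by the trigger below.
        CREATE TABLE records_delete_log (
            record_id  INTEGER NOT NULL,
            owner      TEXT NOT NULL,
            deleted_at TEXT NOT NULL DEFAULT (datetime('now'))
        );
        -- Fires once per deleted row, whichever application or query did it.
        CREATE TRIGGER trg_records_delete AFTER DELETE ON records
        BEGIN
            INSERT INTO records_delete_log (record_id, owner)
            VALUES (OLD.id, OLD.owner);
        END;
        -- Constructed sample data.
        INSERT INTO records (id, owner, body) VALUES
            (1, 'brook', 'first'), (2, 'brook', 'second'), (3, 'alice', 'third');
    """)
    return conn


def deleted_log(conn: sqlite3.Connection) -> list:
    """Return (record_id, owner) for every delete the trigger recorded."""
    rows = conn.execute(
        "SELECT record_id, owner FROM records_delete_log ORDER BY rowid"
    ).fetchall()
    return [tuple(r) for r in rows]


def delete_vulnerable(conn, owner: str, raw_id: str) -> int:
    """The unsafe pattern: the id is pasted into the SQL text unquoted."""
    sql = f"DELETE FROM records WHERE owner = '{owner}' AND id = {raw_id}"
    return conn.execute(sql).rowcount  # rows actually deleted


def val_like(s: str) -> int:
    """Hypothetical stand-in for ColdFusion Val(): leading integer, else 0."""
    m = re.match(r"\s*[-+]?\d+", s)
    return int(m.group()) if m else 0


def delete_with_val(conn, owner: str, raw_id: str) -> int:
    """Same string building, but the numeric part is coerced first."""
    sql = f"DELETE FROM records WHERE owner = '{owner}' AND id = {val_like(raw_id)}"
    return conn.execute(sql).rowcount


def delete_bound(conn, owner: str, raw_id: str) -> int:
    """cfqueryparam-style: reject non-integers, then bind, never interpolate."""
    record_id = int(raw_id)  # raises ValueError for '1 OR 1=1'
    return conn.execute(
        "DELETE FROM records WHERE owner = ? AND id = ?", (owner, record_id)
    ).rowcount


if __name__ == "__main__":
    payload = "1 OR 1=1"  # valid SQL once pasted in, so no database error
    conn = setup_db()
    print("vulnerable:", delete_vulnerable(conn, "brook", payload), "rows deleted")
    print("audit log: ", deleted_log(conn))
    conn = setup_db()
    print("Val()-style:", delete_with_val(conn, "brook", payload), "row deleted")
    conn = setup_db()
    try:
        delete_bound(conn, "brook", payload)
    except ValueError as exc:
        print("bound parameter rejected the payload:", exc)
```

The audit table records only that a delete happened and which row it hit; as Isaac notes, tying it to a particular user still needs login/logout tracking or an application-side actor column. `delete_with_val` shows why the numeric coercion works for this input, and also that the still-interpolated `owner` string is not covered by it.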