> I haven't heard anyone mention the security value of cfqueryparam...
> using this tag will prevent someone from injecting malicious code into
> your queries.
The current discussion of CFQUERYPARAM concerned whether to use it for
literal values, rather than values derived from variables. In that case,
there's no security issue, since there's no user or program input.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
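
The distinction drawn in this reply, as an added example that is not part of the original message: a Python heuristic that audits CFML templates and flags only cfquery blocks where a #variable# is interpolated into the SQL text outside a cfqueryparam tag, while literal-only queries pass. The function names and the sample template are constructed for illustration.

```python
import re

# Each <cfquery ...> ... </cfquery> block; \b keeps <cfqueryparam> from matching.
CFQUERY_RE = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery>", re.I | re.S)
# A whole <cfqueryparam ...> tag: whatever it carries is sent as a bound value.
CFQUERYPARAM_RE = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
# A #expression# that ColdFusion would splice into the SQL text itself.
INTERP_RE = re.compile(r"#[^#\r\n]+#")

def audit_cfqueries(template):
    """Return one finding per cfquery block in a CFML template string."""
    findings = []
    for m in CFQUERY_RE.finditer(template):
        body = m.group(1)
        bound = len(CFQUERYPARAM_RE.findall(body))
        # Drop the cfqueryparam tags so their value="#...#" is not counted,
        # then drop "##", which is an escaped literal pound sign.
        sql_text = CFQUERYPARAM_RE.sub("?", body).replace("##", "")
        findings.append({
            "line": template.count("\n", 0, m.start()) + 1,
            "bound": bound,
            "unbound": INTERP_RE.findall(sql_text),
        })
    return findings

def needs_review(template):
    """Only blocks with variables in the SQL text; literal-only ones pass."""
    return [f for f in audit_cfqueries(template) if f["unbound"]]

# Constructed sample template (not from the thread).
SAMPLE = """\
<cfquery name="qActive" datasource="#request.dsn#">
  SELECT id, name FROM users WHERE active = 1
</cfquery>
<cfquery name="qUser" datasource="#request.dsn#">
  SELECT id, name FROM users WHERE id = #url.id#
</cfquery>
<cfquery name="qSafe" datasource="#request.dsn#">
  SELECT id, name FROM users
  WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
"""

if __name__ == "__main__":
    for f in audit_cfqueries(SAMPLE):
        status = "REVIEW" if f["unbound"] else "ok"
        print(f"line {f['line']}: {status} bound={f['bound']} unbound={f['unbound']}")
```

This is a regex heuristic: it does not handle a `>` inside a cfqueryparam attribute value, and it cannot see SQL strings assembled in variables before the cfquery tag.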