>
> > The problem I always have with this example, despite the fact that 9/10
> > the example itself doesn't work, is that it takes 2 minutes to set up
> > appropriate users for databases with appropriate grant levels and you
> > can even set the statements that can be executed in the DNS settings in
> > CF. You'd have to be a novice to let any standard public "website
> > select" user have that kind of access to a database.
>
> That is just the drop table example. For a login type query it is
> just as easy to append "OR user_id = 1" which would allow you to
> assume somebody's identity.
>
All I'm going to say is "validation"!
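
The appended "OR user_id = 1" case from the quoted reply, next to a version that validates the id and binds both values, as an added example that is not part of the original message. It uses Python's sqlite3 instead of ColdFusion; the table, columns, sample rows and function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data (plaintext pins only to keep the sample short).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT, pin TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "9137"), (2, "alice", "4021")])
    return db


def login_concat(db, user_id, pin):
    # The 'before': request values are pasted straight into the SQL text,
    # so whatever follows the id becomes part of the WHERE clause.
    sql = f"SELECT name FROM users WHERE pin = '{pin}' AND user_id = {user_id}"
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_checked(db, user_id, pin):
    # Validation: the id must be a plain ASCII integer, anything else is rejected
    # before the database is touched.
    if not (isinstance(user_id, str) and user_id.isascii() and user_id.isdigit()):
        raise ValueError("user_id must be numeric")
    # Binding: values are passed separately and are never parsed as SQL.
    row = db.execute("SELECT name FROM users WHERE pin = ? AND user_id = ?",
                     (pin, int(user_id))).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(login_concat(db, "2 OR user_id = 1", "wrong"))  # query logic rewritten
    try:
        login_checked(db, "2 OR user_id = 1", "wrong")
    except ValueError as exc:
        print("rejected:", exc)
    print(login_checked(db, "2", "4021"))
```

The database grants discussed earlier in the thread are a separate layer: they limit what a rewritten query can reach, while validation and binding stop the query from being rewritten.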