>
>  > The problem I always have with this example, despite the fact that 9/10
>  > the example itself doesn't work, is that it takes 2 minutes to set up
>  > appropriate users for databases with appropriate grant levels and you
>  > can even set the statements that can be executed in the DNS settings in
>  > CF.  You'd have to be a novice to let any standard public "website
>  > select" user have that kind of access to a database.
>
> That is just the drop table example. For a login type query it is
> just as easy to append "OR user_id = 1" which would allow you to
> assume somebody's identity.
>

All I'm going to say is "validation"!
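
Added example, not part of the original thread: the login-type query with the appended "OR user_id = 1" from the quoted message, next to a form that validates the id and binds both values as parameters. The table, column and function names and the sample rows are assumptions made for this illustration, and SQLite stands in for whatever database sits behind the site.

```python
import sqlite3


def make_db():
    # Constructed sample data; passwords are plaintext only to keep it short.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT, password TEXT)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "s3cret-admin"), (2, "alice", "alice-pw")],
    )
    return db


def login_concat(db, user_id, password):
    # Vulnerable form: request values are pasted into the SQL text, so
    # anything after the number becomes part of the WHERE clause.
    sql = (
        "SELECT name FROM users WHERE password = '" + password
        + "' AND user_id = " + user_id
    )
    return [row[0] for row in db.execute(sql)]


def valid_user_id(value):
    # Validation: accept only a short run of ASCII digits.
    return value.isascii() and value.isdigit() and len(value) <= 9


def login_bound(db, user_id, password):
    # Hardened form: reject malformed ids, then bind both values so the
    # driver passes them as data and never as SQL text.
    if not valid_user_id(user_id):
        return []
    sql = "SELECT name FROM users WHERE password = ? AND user_id = ?"
    return [row[0] for row in db.execute(sql, (password, int(user_id)))]


if __name__ == "__main__":
    db = make_db()
    print(login_concat(db, "2 OR user_id = 1", "wrong"))
    print(login_bound(db, "2 OR user_id = 1", "wrong"))
    print(login_bound(db, "2", "alice-pw"))
```

AND binds tighter than OR, so the concatenated query matches user 1 even with a wrong password; the bound form returns no rows for the same input.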