Re: Securing CF Apps against SQL Injection & Cross Site Scripting

Matt Robertson Thu, 06 May 2004 17:09:25 -0700

Andrew Grosset wrote:
>Works great in IE, but Mozilla Firebird ignores cfheader and displays
>the page as normal...

I put in <cfabort> right afterwards :D

Here's the whole test I'm using. I put this into application.cfm and, as you say, it only eats a max of 15ms.

<cfset variables.ThisURLVar=cgi.script_name&cgi.query_string>
<CF_CodeCleaner INPUT="#variables.thisurlvar#"><cfset variables.Cleanurl=clean_code>
<cfif CompareNoCase(variables.thisurlvar,variables.Cleanurl)>
<cfheader statuscode="500" statustext="Server Error">
<cfabort>
</cfif>

--
-------------------------------------------
Matt Robertson, [EMAIL PROTECTED]
MSB Designs, Inc. http://mysecretbase.com
-------------------------------------------

--

[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]

Re: Securing CF Apps against SQL Injection & Cross Site Scripting

Reply via email to