Hmm, that's interesting. That's what we're using, and I've never been able to get a sql injection attack to work on it.
Can someone provide a simple example of how cfquery is vulnerable, so that we all know what kinds of things to watch out for? Russ > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 23, 2008 1:28 PM > To: CF-Talk > Subject: Re: Owned by Rootdamages by FasT > > SQL Server 2000 > > >What kind of DB were you using? I still haven't seen a good example of a > >sql query injection in CF since CF auto escapes single quotes. > > > >Russ > > > >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297199 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
