>>That said, what do *you* do to fail gracefully I do not "fail gracefully", I "counter-attack aggressively" ;-) This is my code at the beginning of any template that relies on some numeric url parameter. but it can be easily adapted for any kind of string parameter.
<!--- Check if id contains a numeric value ---> <!--- if not, "http" means a SPAM attack, "user" means an SQL injection attempt ---> <CFIF val(id) EQ 0 AND (id CONTAINS "http" OR id CONTAINS "user")> <!--- Store IP address in any ban IP table ---> <CFABORT> <CFELSE> <CFSET id = val(id)> </CFIF> I use a datasource common to all my applications to store banned IPs. I also use a table to store dumps of sessions, application, url, form scopes in case of error, instead of sending an eMail. Then the only thing the visitor (or bot) sees is something like "oooops, sorry for the errror". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:300511 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4