i have been asked to look at a possible sql injection attack. as I look
through the code I see stored procs being called by using cfquery like:
cfquery name="asdf" datasource="asdf"
storedproc '#var1#', '#var2#'
cfquery
I've read about using cfstored procs and params to prevent attacks.
I've read that using cfquery and doing inline queries can cause
injection attacks but I wasn't sure about using cfquery and calling a
stored proc through it. Can somebody please confirm?
Thanks!
Tim
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;203748912;27390454;j
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309477
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
