Has anyone written a broad-spectrum script (i.e. scrubs URL variables, form variables, looks for verboten words, etc.) that is effective against these attacks? If not, why don't we get coordinated and write something as a community that users can simple include/invoke via application.cfm or in specific files...something that is not limited to a framework and something that would perhaps work with CF6/7/8. I know there are people on this list who are MUCH more experienced than I am that would have a much more elegant solution than I could come up with. Moreover, because virtually all of my sites are on shared hosts (Windows/IIS/CF8), I don't have the luxury of being able to do URL rewrites and that sort of thing.
Thanks, Pete ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310587 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
