> Ah.  You're from the "blame the victim" school.
> 
> Unfortunately, when I wrote the first 1,000 ColdFusion 
> templates using Ben Forta's CF 4.0 book, there was no 
> CFQueryParam.  So going back and rewriting all those programs 
> (now well into several thousand) has been a bitch.  And all 
> it took was one missed spot.
> 
> So I shouldn't be mad at the poor little hackers, because 
> they were doing us all a favor by pointing out our faults.  
> That is your school of thought, right?

My school of thought is that, if you fail to conform to minimal standards of
adequate protection, you have failed to meet due diligence requirements.
Your client or employer can sue you for negligence, and they may well win.
Although, to be honest, that's not really a school of thought, it's an
observation of reality.

My school of thought is that there are some things within my control, and
other things beyond my control. I am responsible for the things within my
control. I don't have control over Eastern European crime syndicates. I do
have control over my own application code.

CFQUERYPARAM was introduced in CF4. You have had years to solve this
problem. Your applications may have been attacked long before now, without
you even knowing it.

You are free to be angry at the people who've done this. But you're going to
have to fix the problem yourself. If we lived in a world where justice were
guaranteed, I'd be right there with you in going after these folks, with the
requisite tar, feathers and pitchforks. If these people are ever brought to
court, I'll be right there with you in calling for their heads. But we don't
live in that world, and the only thing we can do is affect the things we
control.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
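The thread's technical point is that one template out of thousands that still interpolates a request value straight into a query is enough, and that the fix is to bind every value through CFQUERYPARAM. The following script is an added example, not code from the original post or from Fig Leaf Software: it scans ColdFusion templates for #...# interpolations inside cfquery bodies that are not wrapped in a cfqueryparam tag, and also flags cfqueryparam tags that omit cfsqltype (ColdFusion then binds the value as CF_SQL_CHAR). The embedded sample template is constructed for illustration; it shows a vulnerable query beside its parameterized form so the expected output can be checked by hand.

```python
"""Audit ColdFusion templates for <cfquery> blocks that still interpolate
values directly into SQL instead of binding them with <cfqueryparam>.

Added example; the sample template below is constructed for illustration
and is not code from the original post."""
import re
import sys

# Constructed sample template: one unfixed query, two fixed ones, and one
# that binds the value but omits cfsqltype.
SAMPLE_TEMPLATE = """
<!--- vulnerable: URL.id is pasted straight into the SQL text --->
<cfquery name="getUser" datasource="app">
    SELECT id, name FROM users WHERE id = #URL.id#
</cfquery>

<!--- fixed: the same value bound through cfqueryparam --->
<cfquery name="getUser2" datasource="app">
    SELECT id, name FROM users
    WHERE id = <cfqueryparam value="#URL.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- fixed: string bound with an explicit type and maximum length --->
<cfquery name="findUser" datasource="app">
    SELECT id FROM users
    WHERE name = <cfqueryparam value="#FORM.name#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>

<!--- bound, but cfsqltype omitted (it then defaults to CF_SQL_CHAR) --->
<cfquery name="byEmail" datasource="app">
    SELECT id FROM users WHERE email = <cfqueryparam value="#FORM.email#">
</cfquery>
"""

CFQUERY_RE = re.compile(r"<cfquery\b([^>]*)>(.*?)</cfquery>", re.IGNORECASE | re.DOTALL)
CFQUERYPARAM_RE = re.compile(r"<cfqueryparam\b[^>]*>", re.IGNORECASE)
NAME_RE = re.compile(r'\bname\s*=\s*"([^"]*)"', re.IGNORECASE)
# A #...# expression: identifier-like start, then anything but '#' up to the
# closing '#'. A CFML literal hash ('##') does not match because its second
# character is '#'.
INTERP_RE = re.compile(r"#([A-Za-z_][^#\n]*)#")


def _line_of(source, offset):
    """1-based line number of a character offset in source."""
    return source.count("\n", 0, offset) + 1


def _query_name(attrs):
    m = NAME_RE.search(attrs)
    return m.group(1) if m else "<unnamed>"


def find_unparameterized(source):
    """Return (query_name, line, expression) for every #expr# inside a
    <cfquery> body that is not wrapped in a <cfqueryparam> tag."""
    findings = []
    for q in CFQUERY_RE.finditer(source):
        name = _query_name(q.group(1))
        body = q.group(2)
        # Blank out cfqueryparam tags with spaces so offsets stay valid and
        # their own value="#...#" attributes are not reported.
        stripped = CFQUERYPARAM_RE.sub(lambda t: " " * len(t.group(0)), body)
        for hit in INTERP_RE.finditer(stripped):
            line = _line_of(source, q.start(2) + hit.start())
            findings.append((name, line, hit.group(1)))
    return findings


def params_without_sqltype(source):
    """Return (query_name, line) for each <cfqueryparam> that omits cfsqltype;
    without it ColdFusion binds the value as CF_SQL_CHAR, which is rarely intended."""
    findings = []
    for q in CFQUERY_RE.finditer(source):
        name = _query_name(q.group(1))
        for tag in CFQUERYPARAM_RE.finditer(q.group(2)):
            if "cfsqltype" not in tag.group(0).lower():
                findings.append((name, _line_of(source, q.start(2) + tag.start())))
    return findings


def audit(source, label="<sample>"):
    """Print a report and return the number of unparameterized interpolations."""
    missed = find_unparameterized(source)
    for name, line, expr in missed:
        print(f"{label}:{line}: query '{name}' interpolates #{expr}# without cfqueryparam")
    for name, line in params_without_sqltype(source):
        print(f"{label}:{line}: query '{name}' has a cfqueryparam with no cfsqltype")
    return len(missed)


if __name__ == "__main__":
    # Usage: python cfquery_audit.py path/to/*.cfm  (no arguments: scan the sample)
    if len(sys.argv) > 1:
        total = 0
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8", errors="replace") as fh:
                total += audit(fh.read(), path)
    else:
        total = audit(SAMPLE_TEMPLATE)
    sys.exit(1 if total else 0)
```

Run against the sample, the script reports the getUser query on line 4 of the template and the cfqueryparam without cfsqltype on line 21, and exits non-zero, so it can gate a build. Every #...# left inside a query body is reported, including expressions such as #Now()# that do not carry user input, so findings still need a quick triage; the script is a way to find the missed spots across a large code base, not a substitute for reviewing each query.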
