> Sorry for the "top posting", where are we now in terms of best practice for
> cf8 protection against sql injection attack? Going through 136+ posts seems a
> bit too much, many thanks. Someone who has closely monitored this thread
> probably could help.
The same place we've always been:

* Validate user input
* Use CFQUERYPARAM

For applications that have old code, run a tool that will tell you what queries need to be updated or run a front-end filter that will do a basic check on input while you're updating that old code to use proper security methods.

CFQUERYPARAM:
http://www.adobe.com/devnet/coldfusion/articles/cfqueryparam.html

Query scanning tools:
http://www.codersrevolution.com/index.cfm/2008/7/24/Announcing-the-first-ever-International-Operation-cfSQLprotect

Basic URL value filter:
http://www.gravityfree.com/_sqlprev.cfm.txt

-Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311050
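An added example, not part of the original post and not one of the tools linked in it: a minimal sketch of the kind of query scan the reply recommends, listing every `#expression#` that sits in the SQL body of a `<cfquery>` without being wrapped in `<cfqueryparam>`. The function name `find_unparameterized` and the sample template are constructed for illustration.

```python
import re

# Constructed sample template (not from the original post): one value is
# interpolated directly, one is bound with cfqueryparam, one is quoted inline.
SAMPLE_CFM = '''\
<cfquery name="getUser" datasource="app">
  SELECT id, name FROM users
  WHERE id = #url.id#
</cfquery>
<cfquery name="getOrder" datasource="app">
  SELECT id, total FROM orders
  WHERE id = <cfqueryparam value="#url.orderId#" cfsqltype="cf_sql_integer">
    AND status = '#form.status#'
</cfquery>
'''

CFQUERY = re.compile(r'<cfquery\b([^>]*)>(.*?)</cfquery>', re.I | re.S)
CFQUERYPARAM = re.compile(r'<cfqueryparam\b[^>]*>', re.I)
NAME_ATTR = re.compile(r'\bname\s*=\s*["\']([^"\']*)["\']', re.I)
HASH_EXPR = re.compile(r'#([^#\r\n]+)#')


def find_unparameterized(source):
    """Return (line, query name, expression) for every #expr# found in the
    SQL body of a <cfquery> outside a <cfqueryparam> tag."""
    findings = []
    for q in CFQUERY.finditer(source):
        name = NAME_ATTR.search(q.group(1))
        qname = name.group(1) if name else '(unnamed)'
        # Blank out cfqueryparam tags and escaped "##" pairs, keeping the
        # length unchanged so match offsets still map to source lines.
        body = CFQUERYPARAM.sub(lambda m: ' ' * len(m.group(0)), q.group(2))
        body = body.replace('##', '  ')
        for e in HASH_EXPR.finditer(body):
            offset = q.start(2) + e.start()
            line = source.count('\n', 0, offset) + 1
            findings.append((line, qname, e.group(1).strip()))
    return findings


if __name__ == '__main__':
    for line, qname, expr in find_unparameterized(SAMPLE_CFM):
        print(f'line {line}: query "{qname}" uses #{expr}# without cfqueryparam')
```

Each finding is a query to review and convert to CFQUERYPARAM; the scan is regex-based and does not follow SQL strings built outside the `<cfquery>` body.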