> I've done some additional testing and have found that the prior > version of the SQL Injection Blocker does better when challenged with > the HP Scrawlr testing tool then the newest version. Rolling back to > the prior release also solved the false positive problem for the three > towns mentioned earlier.
Hhm, interesting. My own customers ran into several problems with that version, that have been fixed with the new one. I'm not surprised it does better with scrawlr though as for us it had way more false positives and was blocking *too* much stuff. Just goes to show, there's no one solution that works for everyone...and how important it is not to rely on these tools exclusively since they clearly do not work 100% of the time. --- Mary Jo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311467 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4