>The qpscanner is ok in general but I want something that will only get
>me numeric variables that are not in a cfqueryparam.

That is not enough to protect you!

It is not hard to create injection attacks that bypass CF's auto-doubling of 
quotes.

qpscanner deliberately errs on the side of paranoia, because it only takes one 
small hole for an attacker to get in and cause havoc. 
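An added illustration (not part of the original message, and not qpscanner's own code) of the paranoid approach described above: a minimal Python check that reports every `#expression#` inside a `<cfquery>` body that is not wrapped in `<cfqueryparam>`, whether or not it sits inside quotes. The sample CFML and the function name `unparameterized` are constructed for this example.

```python
import re

# Constructed sample CFML, not taken from the thread.
SAMPLE = '''
<cfquery name="q" datasource="dsn">
  SELECT id, name FROM users
  WHERE id = #url.id#
    AND name = '#form.name#'
    AND status = <cfqueryparam value="#form.status#" cfsqltype="cf_sql_varchar">
</cfquery>
<cfoutput>#q.name#</cfoutput>
'''

CFQUERY = re.compile(r'<cfquery\b[^>]*>(.*?)</cfquery>', re.I | re.S)
CFQUERYPARAM = re.compile(r'<cfqueryparam\b[^>]*>', re.I)
HASH_EXPR = re.compile(r'#([^#\r\n]+)#')


def unparameterized(cfml):
    """Return (line, expression, context) for each #expr# in a cfquery body
    that is not inside a cfqueryparam tag. Quoted expressions are reported
    too: the check does not rely on quote handling to make them safe."""
    findings = []
    for m in CFQUERY.finditer(cfml):
        # '##' is an escaped literal hash in CFML, so blank it out first.
        body = m.group(1).replace('##', '  ')
        # Blank out cfqueryparam tags, keeping length so offsets stay valid.
        body = CFQUERYPARAM.sub(lambda t: ' ' * len(t.group(0)), body)
        for e in HASH_EXPR.finditer(body):
            line = cfml.count('\n', 0, m.start(1) + e.start()) + 1
            # An odd number of single quotes before the expression means
            # it sits inside a SQL string literal.
            in_quotes = body[:e.start()].count("'") % 2 == 1
            context = 'quoted' if in_quotes else 'unquoted'
            findings.append((line, e.group(1).strip(), context))
    return findings


if __name__ == '__main__':
    for line, expr, context in unparameterized(SAMPLE):
        print(f'line {line}: #{expr}# ({context}) is not in a cfqueryparam')
```

A filter that kept only the unquoted (numeric-style) finding would drop the `form.name` line from the report; this check keeps both.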

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329661