> Which brings up another security question.  How do other sites
> handle something like this automatically?  I mean, if I see an
> attack from an IP address, is it even worth blocking at the firewall?

What I do is a combination of input sanitizing and using cfqueryparam
to the point where it's actually not possible (in theory) to put the
application in an unknown or error state and invalid input is always
handled in a predictable way (e.g. redirect to the home page, etc.).
One of my goals when building an application is to make it so that in
theory it shouldn't be possible for the end user to generate a
ColdFusion error.  When my error handlers get a hit it becomes a Big
Deal(tm) and usually leads to a code change to make it so that the
error can't happen again.

Due to the volume of automated probes and attack tools constantly
sweeping the web I generally don't bother trying to block individual
addresses and such manually.  Our firewall/IDS farther upstream looks
for known attack patterns and blocks those for us automatically, but
if I see someone probing in the logs I usually don't pay it much
attention.  If someone is able to trigger a CF error then it does
become a top priority to investigate how they were able to do so and
patch the code so that the condition can be handled gracefully.


-Justin
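
The approach described in the reply above (sanitize input, bind values with cfqueryparam, send every invalid request down one predictable path), as an added example that is not part of the original post. The page, datasource, table and column names are hypothetical, and encodeForHTML assumes ColdFusion 10 or later.

```cfml
<!--- product.cfm: added example; all names below are hypothetical --->
<cfparam name="url.id" default="">

<!--- 1. Sanitize: accept only a short run of digits. Anything else is handled
      the same predictable way, without raising a ColdFusion error. --->
<cfif NOT reFind("^[0-9]{1,9}$", url.id)>
    <cflocation url="/index.cfm" addtoken="false">
</cfif>

<cftry>
    <!--- 2. Bind the value with cfqueryparam so it is never parsed as SQL. --->
    <cfquery name="qProduct" datasource="myDSN">
        SELECT product_id, product_name, price
        FROM   products
        WHERE  product_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
    </cfquery>

    <cfcatch type="any">
        <!--- 3. An error here means a code path was missed: log it for follow-up,
              then send the visitor to the same safe destination. --->
        <cflog file="app_errors" type="error"
               text="product.cfm: #cfcatch.message# | ip=#cgi.remote_addr#">
        <cflocation url="/index.cfm" addtoken="false">
    </cfcatch>
</cftry>

<!--- 4. A well-formed id with no matching row is also handled, not left to fail later. --->
<cfif qProduct.recordCount EQ 0>
    <cflocation url="/index.cfm" addtoken="false">
</cfif>

<cfoutput>
    <!--- Encode on output as well; the stored value is not assumed to be safe. --->
    <h1>#encodeForHTML(qProduct.product_name)#</h1>
    <p>#dollarFormat(qProduct.price)#</p>
</cfoutput>
```

Entries in the app_errors log are the signal to investigate: each one marks an input path that reached an error instead of the redirect.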

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356279