What you really need is a Web Application Firewall which will clean all form and URL params and strip out anything dodgy. There are plenty of generic web server WAFs, or if you want a CF-specific solution then try FuseGuard.
On Tue, Nov 4, 2014 at 5:26 PM, <> wrote:

>> Like querying malicious data and using it in another
>> cfquery without cfqueryparam.
>
> As an extra safety feature, if your application does not use multiSQL
> statements at all, and depending on the type of database engine used, you
> could also strictly deactivate the multi statement facility.
> If you're using an Access database, you don't even have to deactivate it:
> there is NO multi statement facility.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359561

