>
> another hack question. I've read Don Vawter's website on how to
> prevent this
> type of attack. Someone told me at my work that there's an IIS patch that
> prevents this. Is this true? I'm using IIS 4.0 and SQL 7.0 and
> SQL 2000 for
> the backend. I want to go back and add these fixes to my CF pages, but if
> there's a patch, I won't need to do it.
>
Err no. there isn't a patch against a user changing the contents of a URL
Query String that is sent to the server.
I wish there was, but I think the only true fix is to find the user and go
visit him/her with a couple of mates and take a baseball bat to their
fingers.... ;o)
Regards
Stephen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
