Really??? I use this option all the time as a (sometimes) quicker navigation
of a website.  
I think your approach would be best suited to those who are doing this with
malicious intent, not for those of us who know what we are doing, and don't
intend to hack a site per se.

<grins>

Shawn Grover

-----Original Message-----
From: Stephen Moretti [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 11:16 AM
To: CF-Talk
Subject: RE: URL Hack Fix??


>
> Another hack question. I've read Don Vawter's website on how to prevent this
> type of attack. Someone told me at my work that there's an IIS patch that
> prevents this. Is this true? I'm using IIS 4.0 and SQL 7.0 and SQL 2000 for
> the backend. I want to go back and add these fixes to my CF pages, but if
> there's a patch, I won't need to do it.
>
Err no. There isn't a patch against a user changing the contents of a URL
Query String that is sent to the server.

I wish there was, but I think the only true fix is to find the user and go
visit him/her with a couple of mates and take a baseball bat to their
fingers.... ;o)

Regards

Stephen