The deterrent for SQL attacks is the CFQUERYPARAM tag.  Any time user-
defined data (FORM or URL) is accessed inside CFQUERY and you're not
using it, you're pushing your luck.  It is also much simpler to use
CFQUERYPARAM instead of applying a filter check to all input.  Of course,
if you're running on a server prior to 4.5 then never mind.

HTH,

t

**********************************************************************
Tyler M. Fitch
Certified Advanced ColdFusion 5 Developer

ISITE Design, Inc.
615 SW Broadway Ste. 200
Portland, OR 97205

503.221.9860 ext. 111
http://isitedesign.com
**********************************************************************
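
As an added illustration of the point above (not part of Tyler's message or the original thread): the same lookup written with the URL value interpolated into the SQL text, beside the CFQUERYPARAM version. The datasource name, table and column names are assumed.

```cfml
<!--- Added example, not from the original thread.
      Datasource "myDSN", table "products" and its columns are assumed. --->

<!--- Risky: URL.id is pasted straight into the SQL text, so whatever the
      client sends becomes part of the statement. A filter on the input
      has to anticipate every bad value; a parameter does not. --->
<cfquery name="getProduct" datasource="myDSN">
    SELECT product_id, name, price
    FROM products
    WHERE product_id = #URL.id#
</cfquery>

<!--- Preferred (CF 4.5 and later): CFQUERYPARAM sends the value as a typed
      bind parameter. It is never concatenated into the statement, and
      cfsqltype="cf_sql_integer" raises an error before the query runs
      if the value is not an integer. --->
<cfquery name="getProduct" datasource="myDSN">
    SELECT product_id, name, price
    FROM products
    WHERE product_id = <cfqueryparam value="#URL.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String input works the same way; maxlength caps what is accepted,
      and the wildcards are part of the bound value, not the SQL text. --->
<cfquery name="findProduct" datasource="myDSN">
    SELECT product_id, name
    FROM products
    WHERE name LIKE <cfqueryparam value="%#FORM.search#%"
                                  cfsqltype="cf_sql_varchar"
                                  maxlength="100">
</cfquery>
```
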



-----Original Message-----
From: Robert Everland [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 2:06 PM
To: CF-Talk
Subject: RE: Could you give my application a once through


Oooh, I can reproduce that bad boy every darn time (it was your fault),
but it let me see that the input filter isn't a good deterrent on SQL
attacks. I will fill out the wish form; hopefully it will get fixed.

Robert Everland III
Dixon Ticonderoga
Web Developer Extraordinaire

-----Original Message-----
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 18, 2001 5:11 PM
To: CF-Talk
Subject: Re: Could you give my application a once through


Robert Everland wrote:

> Had to reboot, JRUN eats memory when you give it a query with no
> records and tell it to draw a graph


If that was me: sorry.

But if you can reproduce that don't forget to tell MM because IMHO 
crashing because of that is a bug.
http://www.macromedia.com/support/email/wishform/?6213=3

Jochem

