There is a custom tag... <cf_formfilter> on the developers exchange that I've been 
using... It searches the caller.form.fieldnames structure looking for all sorts of 
nasty includes. 

After just reading it again I think I can also make it filter URL-submitted input as 
well.

Anyone here use or have comments on this tag's limitations? Was an easy first step for 
me but I am suddenly worried about URL hacks as well.

Brian



At 08:17 AM 4/12/02 -0700, you wrote:
>Hi all,
>
>Had some interesting errors in our logs yesterday. It appears that someone's
>trying to hack our database by inserting SQL query language into the URL
>string.
>
>We're doing all the standard security measures, including filtering for
>single quotes, using database passwords, and the like, and we locked out
>their IP immediately. But really, how do you prevent this? Any
>ideas/feedback out there?
>
>Ian
>
>Portent Interactive
>Helping clients build customer relationships on the web since 1995
>Consulting, design, development, measurement
>http://www.portentinteractive.com
>
>
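An added example, not part of the original thread and not code from either poster: it shows why filtering single quotes alone does not protect a numeric URL parameter, next to a lookup that validates the type and binds the value. Python with sqlite3 stands in for the ColdFusion and database stack; the `accounts` table, the function names and the sample values are all constructed for illustration. In ColdFusion the bound-parameter equivalent is `<cfqueryparam>`.

```python
import re
import sqlite3

def strip_quotes(value: str) -> str:
    """The 'filter single quotes' measure from the thread: drop every quote."""
    return value.replace("'", "")

def make_db() -> sqlite3.Connection:
    """Constructed sample data: a hypothetical accounts table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def lookup_filtered(db: sqlite3.Connection, raw_id: str) -> list:
    """Weak: the URL value is quote-filtered, then concatenated into the SQL."""
    sql = "SELECT owner FROM accounts WHERE id = " + strip_quotes(raw_id)
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db: sqlite3.Connection, raw_id: str) -> list:
    """Hardened: check the type first, then pass the value as a bound parameter."""
    if not re.fullmatch(r"[0-9]+", raw_id):
        raise ValueError("id must be an integer")
    rows = db.execute("SELECT owner FROM accounts WHERE id = ?", (int(raw_id),))
    return [row[0] for row in rows]

# Constructed URL parameter values: one ordinary, one carrying SQL without quotes.
NORMAL = "2"
TAMPERED = "2 OR 1=1"

if __name__ == "__main__":
    db = make_db()
    print("filtered, normal:  ", lookup_filtered(db, NORMAL))
    print("filtered, tampered:", lookup_filtered(db, TAMPERED))
    print("bound, normal:     ", lookup_bound(db, NORMAL))
    try:
        lookup_bound(db, TAMPERED)
    except ValueError as exc:
        print("bound, tampered:    rejected,", exc)
```

The quote filter passes the tampered value through unchanged because it contains no quotes, so the concatenated query returns every row; the bound version never treats the value as SQL text.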