Also try http://www.sqlsecurity.com/faq.asp.
andy -----Original Message----- From: Garza, Jeff [mailto:[EMAIL PROTECTED]] Sent: Friday, April 12, 2002 11:37 AM To: CF-Talk Subject: RE: Preventing SQL injection attacks...? There was a real good white paper from NGSSoftware. It's called Advanced SQL Injection and can be found near the bottom of this page. http://www.nextgenss.com/research.html#papers Frightening... Jeff Garza Lead Developer/Webmaster Spectrum Astro, Inc. [EMAIL PROTECTED] http://www.spectrumastro.com -----Original Message----- From: Ian Lurie [mailto:[EMAIL PROTECTED]] Sent: Friday, April 12, 2002 8:30 AM To: CF-Talk Subject: RE: Preventing SQL injection attacks...? That's what I thought. Man, you think you're an expert, and then some 13 year old somewhere makes you feel like a punk again :) Is there a good paper on Macromedia.com about this? I read some of the stuff but nothing seemed really on-point... -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED]] Sent: Friday, April 12, 2002 8:30 AM To: CF-Talk Subject: RE: Preventing SQL injection attacks...? > make sure you are at the latest MDAC and have all service pack applied > for SQL. I think that the latest MDAC prevents attacks like this, but > I could be wrong. No, MDAC does nothing to prevent SQL injection attacks, which, after all, use perfectly valid SQL statements. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists