>- see footer for list info -<
This would totally bugger up pretty much all content by removing formatting
and punctuation, addresses, email addresses, etc.
It's really only good for simple fields like name and phone number.


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Kerry
> Sent: 01 February 2005 09:25
> To: Coldfusion Development
> Subject: RE: [CF-Dev] hack proofing CF and XHTML pages
> 
> I use a regular expression to prevent anything that isn't a 
> number or letter getting into the database:
> 
> function stripspecial(tmpstr){
> return rereplace(tmpstr,"[^a-zA-Z0-9]","","ALL");
> }
> 
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Peter Donahue
> Sent: 31 January 2005 19:47
> To: Allan - CFUG Spain; Coldfusion Development
> Subject: [CF-Dev] hack proofing CF and XHTML pages
> 
> 
> 
> Hello everyone,
> 
>     I'm working on a CF Website for an organization I belong 
> to that is scheduled to go on-line on July 1 of this year.  I 
> did this as a class project last semester.  The site contains 
> a Microsoft Access Database for displaying guestbook 
> information. It also allows visitors to post information to 
> the guestbook via several XHTML forms. Because I had taken on 
> such an advanced project for my final exam assignment the 
> instructor decided to point out some vulnerabilities of this 
> guestbook by hacking into it during our final exam show and 
> tell.  He did this by entering HTML and XHTML tags into the 
> form fields, and made a real mess of things.  I fixed things 
> later that day.  He told me that there is some code one must 
> enter on form pages that prevents data entered as HTML, or 
> XHTML tags from being interpreted as such, preventing damage 
> to the database, and giving hackers a field day.  He said 
> that it was some kind of formatting protocol which enhances 
> security on such pages, but I don't have the specific code, 
> or know how to set it up.  If one of you can help me out with 
> this I'll appreciate that very much.  The site is located at:
> http://www.nfb-travel.org/nfb-travel.cfm
> 
>     This is a link that allows you to bypass the home page 
> which is an under construction notice.  Please feel free to 
> check out these pages, and let me know what to do to hack 
> proof those data entry pages.  By the way I earned an A in 
> that course.  Over here an A is the highest letter grade one 
> can earn in a class.  Thanks in advance.
> 
> Peter Donahue
> 
> 
> _______________________________________________
> 
> For details on ALL mailing lists and for joining or leaving 
> lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo
> 
> --
> CFDeveloper Sponsors:-
> >- Hosting provided by www.cfmxhosting.co.uk -<
> >- Forum provided by www.fusetalk.com -<
> >- DHTML Menus provided by www.APYCOM.com -<
> >- Lists hosted by www.Gradwell.com -<
> >- CFdeveloper is run by Russ Michaels, feel free to 
> volunteer your help 
> >-<
> 
> 


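The thread contrasts two approaches to the guestbook problem: stripping everything that is not a letter or digit (Kerry's stripspecial, which the reply above notes destroys addresses and punctuation), versus the "formatting protocol" the instructor hinted at, which is HTML-encoding user data when it is written into the page so that tags are displayed as text rather than interpreted. The following is an added example, not code from the thread or from any CFDeveloper member; it is written in Python so it runs stand-alone, with `html.escape` standing in for ColdFusion's HTMLEditFormat (encodeForHTML in later versions). The sample guestbook entries are constructed for illustration, and the phone-number pattern is an assumed, deliberately simple whitelist for a "simple field" of the kind the reply mentions.

```python
import html
import re

# Constructed sample guestbook input, including the kind of tag
# injection described in the thread (markup that breaks page layout).
SAMPLE_ENTRIES = [
    ("Jane Doe", "Great site! Contact me at jane.doe@example.org"),
    ("Tester", "<h1>Big heading</h1><div style='color:red'>unclosed div"),
    ("O'Brien", 'She said "hello" & waved'),
]


def strip_special(value: str) -> str:
    """Kerry's approach: delete every character that is not A-Z, a-z or 0-9.

    Safe against tags, but also destroys spaces, punctuation, '@' and '.',
    so e-mail addresses and sentences become unreadable.
    """
    return re.sub(r"[^a-zA-Z0-9]", "", value)


def html_escape(value: str) -> str:
    """Output encoding: turn <, >, & and quotes into HTML entities.

    The browser then renders '<h1>' as the literal text <h1> instead of
    interpreting it, and the original content is fully preserved.
    """
    return html.escape(value, quote=True)


def contains_tag(value: str) -> bool:
    """True if the string still holds something a browser would parse as a tag."""
    return re.search(r"<[^>]*>", value) is not None


def looks_like_phone(value: str) -> bool:
    """Whitelist validation for a simple field (assumed pattern for this example).

    Allows digits, spaces, '+', '-', '(' and ')', 6 to 20 characters.
    Simple fields can be validated this strictly; free text cannot.
    """
    return re.fullmatch(r"[0-9 +()\-]{6,20}", value) is not None


def render_entry(name: str, message: str) -> str:
    """Build the HTML fragment for one guestbook entry.

    Raw input is stored unchanged; encoding is applied here, at the point
    where data is written into the page, so nothing is lost in the database.
    """
    return (
        "<div class=\"entry\"><strong>"
        + html_escape(name)
        + "</strong>: "
        + html_escape(message)
        + "</div>"
    )


def render_guestbook(entries) -> str:
    """Render every entry; the result contains no user-supplied tags."""
    return "\n".join(render_entry(name, msg) for name, msg in entries)


if __name__ == "__main__":
    for name, msg in SAMPLE_ENTRIES:
        print("stripped :", strip_special(msg))
        print("encoded  :", html_escape(msg))
        print()
    page = render_guestbook(SAMPLE_ENTRIES)
    print(page)
    # Only the fragment's own <div>/<strong> tags remain; user tags are entities.
    print("user tags survived:", contains_tag(html_escape(SAMPLE_ENTRIES[1][1])))
```

The design point is where the encoding happens: the data is stored as typed, and `render_entry` encodes it when it is placed into HTML. Stripping at input time, as `strip_special` does, mangles legitimate content such as `jane.doe@example.org` and cannot be undone, whereas encoding at output keeps the text intact and still prevents the tags from being interpreted. Strict whitelist patterns like `looks_like_phone` remain appropriate for fields whose valid values really are that narrow.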