Thanks guys, that answers my question.

On Aug 6, 2008, at 11:48 AM, shawn gorrell wrote:

Even though you have a solid idea that those scoped variables won't be messed with, why wouldn't you use CFQUERYPARAM anyway? There is more benefit to using it than just protecting against vulnerabilities.

----- Original Message ----
From: Sam Singer <[EMAIL PROTECTED]>
To: discussion@acfug.org
Sent: Wednesday, August 6, 2008 12:40:15 PM
Subject: [ACFUG Discuss] <cfqueryparam> for application or session scoped variables

I'm using QueryParam Scanner to identify any potential
vulnerabilities.  It is flagging code that uses application or session
scoped variables such as:

  WHERE
        DeptID = #Application.DeptID#
        ORDER BY Lastname

Should Application.DeptID be cfqueryparamed?  What about:

  WHERE
        PersonID = #GetAuthUser()#

Thanks,
Sam



-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
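The two queries quoted in Sam's message, first as written and then with cfqueryparam applied. This is an added example for the thread, not code posted by any participant; the datasource name (Application.dsn), the table name (Staff), the extra select columns and the cfsqltype choices are assumptions (the page does not say whether PersonID is numeric, so the integer type on the GetAuthUser() query is a guess that must match the real column).

```cfml
<!--- Added example (not from the thread). Names below are assumptions:
      Application.dsn, the Staff table, and the column types. --->

<!--- 1. As written in the question: the value is pasted into the SQL text.
      The database receives a different SQL string for every DeptID, so
      nothing is prepared or cached, and the query is only as safe as every
      piece of code that will ever assign Application.DeptID. --->
<cfquery name="qStaffInline" datasource="#Application.dsn#">
    SELECT PersonID, Lastname
    FROM   Staff
    WHERE  DeptID = #Application.DeptID#
    ORDER BY Lastname
</cfquery>

<!--- 2. Same query with cfqueryparam. The value travels to the driver as a
      bound parameter with a declared type: it is never parsed as SQL, the
      prepared statement is reused across calls, and ColdFusion raises an
      error if the value does not fit the declared type (for example a
      non-numeric DeptID), which surfaces bad data at the call site. --->
<cfquery name="qStaff" datasource="#Application.dsn#">
    SELECT PersonID, Lastname
    FROM   Staff
    WHERE  DeptID = <cfqueryparam value="#Application.DeptID#"
                                  cfsqltype="cf_sql_integer">
    ORDER BY Lastname
</cfquery>

<!--- 3. The GetAuthUser() query. The question compares it to PersonID
      without quotes, so a numeric login id is assumed here; if the login
      stored a username instead, use cf_sql_varchar with a maxlength. --->
<cfquery name="qPerson" datasource="#Application.dsn#">
    SELECT PersonID, Lastname
    FROM   Staff
    WHERE  PersonID = <cfqueryparam value="#GetAuthUser()#"
                                    cfsqltype="cf_sql_integer">
</cfquery>
```

The point of the second and third forms is the one shawn makes: even when the scope is trusted, binding the parameter buys plan reuse and type validation in addition to removing the injection path, so there is no reason to leave the interpolated form in place.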
