Thanks guys, that answers my question.
On Aug 6, 2008, at 11:48 AM, shawn gorrell wrote:
Even though you have a solid idea that those scoped variables won't
be messed with, why wouldn't you use CFQUERYPARAM anyway? There is
more benefit to using it than just protecting against vulnerabilities.
----- Original Message ----
From: Sam Singer <[EMAIL PROTECTED]>
To: discussion@acfug.org
Sent: Wednesday, August 6, 2008 12:40:15 PM
Subject: [ACFUG Discuss] <cfqueryparam> for application or session scoped variables
I'm using QueryParam Scanner to identify any potential
vulnerabilities. It is flagging code that uses application or session
scoped variables such as:
    WHERE
        DeptID = #Application.DeptID#
    ORDER BY Lastname
Should Application.DeptID be cfqueryparamed? What about:
    WHERE
        PersonID = #GetAuthUser()#
Thanks,
Sam
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
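
The two flagged queries from the original message with the values bound through cfqueryparam, as an added example that is not part of the thread. The datasource name hrDSN, the table Employees, the selected columns, the log file name and the integer SQL types are assumptions, since the thread shows only the WHERE clauses.

```cfml
<!--- Added example. hrDSN, Employees, the column list and cf_sql_integer
      are assumptions; only the WHERE clauses appear in the thread. --->

<cftry>
    <!--- Application-scoped value: sent to the driver as a bound parameter
          instead of being spliced into the SQL text. --->
    <cfquery name="qDept" datasource="hrDSN">
        SELECT PersonID, Lastname
        FROM Employees
        WHERE DeptID = <cfqueryparam value="#Application.DeptID#"
                                     cfsqltype="cf_sql_integer">
        ORDER BY Lastname
    </cfquery>

    <!--- Function result: GetAuthUser() returns the login name as a string.
          The unquoted comparison in the thread implies a numeric PersonID,
          so the integer type is assumed here. --->
    <cfquery name="qPerson" datasource="hrDSN">
        SELECT PersonID, Lastname
        FROM Employees
        WHERE PersonID = <cfqueryparam value="#GetAuthUser()#"
                                       cfsqltype="cf_sql_integer">
    </cfquery>

    <cfcatch type="any">
        <!--- cfqueryparam checks the value against cfsqltype before the
              statement runs, so a non-integer value ends up here and never
              reaches the database. Record it and let the error propagate. --->
        <cflog file="queryparam" type="warning"
               text="Query parameter rejected: #cfcatch.message#">
        <cfrethrow>
    </cfcatch>
</cftry>
```

Because the SQL text no longer changes with the value, the database can also reuse the prepared statement across requests.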