Using information from a Ben Nadel article, jsStringFormat( htmlEditFormat())
seems to be catching insertions like b and escaping them.
However, I have tried a number of regex routines from
http://www.symantec.com/connect/articles/detection-sql-injection-and-cross-site-scripting-attacks
plus
Uhm... cfqueryparam
Robert Harrison
Director of Interactive Services
Austin Williams
Advertising | Branding | Digital | Direct
125 Kennedy Drive, Suite 100 | Hauppauge, NY 11788
T 631.231.6600 X 119 F 631.434.7022
http://www.austin-williams.com
Blog:
Unless you were using evaluate (column) name inside another query somewhere
I am not aware of how that could be used for an injection
On Aug 15, 2014 1:51 PM, Stephens, Larry V steph...@iu.edu wrote:
Using information from a Ben Nadel article, jsStringFormat(
htmlEditFormat()) seems to be
Doing that on everything.
-Original Message-
From: Robert Harrison [mailto:rob...@austin-williams.com]
Sent: Friday, August 15, 2014 1:54 PM
To: cf-talk
Subject: RE: protection from sql attacks with regex++
Uhm... cfqueryparam
Robert Harrison
Director of Interactive Services
Doing that on everything.
If you're parametrizing everything on the queries then what is the concern?
-Justin
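As an added example, not code from anyone in this thread: a constructed cfquery in its concatenated form beside its cfqueryparam form, plus an allowlist for the one thing cfqueryparam cannot bind, a column name used in ORDER BY (the case raised above). The datasource name, table and columns are assumptions.

```cfml
<!--- Constructed request values; in a real page they come from the client --->
<cfparam name="url.id" default="0">
<cfparam name="url.q" default="">
<cfparam name="url.sort" default="id">

<!--- Vulnerable: the request value is spliced into the SQL text, so the
      database parses whatever the client sent as part of the statement.
      htmlEditFormat()/jsStringFormat() encode for HTML and JavaScript
      output, not for SQL, so they do not make this safe. --->
<cfquery name="qBad" datasource="myDSN">
    SELECT id, title
    FROM articles
    WHERE id = #url.id#
</cfquery>

<!--- Parameterized: the value travels as a bound parameter and is never
      parsed as SQL. cfsqltype also enforces the type, so a non-integer
      value is rejected before the query is sent. --->
<cfquery name="qGood" datasource="myDSN">
    SELECT id, title
    FROM articles
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Same pattern for a string column; maxlength bounds the input size.
      The wildcards belong in the parameter value, not in the SQL text. --->
<cfquery name="qSearch" datasource="myDSN">
    SELECT id, title
    FROM articles
    WHERE title LIKE <cfqueryparam value="%#url.q#%"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="100">
</cfquery>

<!--- Identifiers (column names) cannot be bound parameters, so a
      client-supplied sort column is matched against a fixed allowlist
      and only the allowlisted value is ever placed in the statement. --->
<cfset allowedSort = "id,title,published">
<cfset sortCol = "id">
<cfif listFindNoCase(allowedSort, url.sort)>
    <cfset sortCol = url.sort>
</cfif>
<cfquery name="qSorted" datasource="myDSN">
    SELECT id, title
    FROM articles
    ORDER BY #sortCol#
</cfquery>
```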