> SELECT * FROM MyTable WHERE MyId = #Val(form.MyId)#
'cause what you really need to do is sanatise all your strings to prevent
any cross site scripting problems too.
I use something like
",">","ALL")>
in a custom tag and call it on on variables that get inserted into a
database, or eventualy
/~bader
> -Original Message-
> From: Robert Everland [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 09, 2001 4:14 PM
> To: CF-Talk
> Subject: Little OT: Security on NT, IIS, and CF
>
>
> Ok we are about to go live here soon and am looking at
> Securit
FROM MyTable WHERE MyId = #Val(form.MyId)#
Bob
-Original Message-
From: Robert Everland [mailto:[EMAIL PROTECTED]]
Sent: April 9, 2001 4:14 PM
To: CF-Talk
Subject: Little OT: Security on NT, IIS, and CF
Ok we are about to go live here soon and am looking at Security to
really lock dow
, April 09, 2001 4:13 PM
Subject: Little OT: Security on NT, IIS, and CF
> Ok we are about to go live here soon and am looking at Security to
> really lock down the servers. Now I know people can append things to the
url
> I check for that, or add things to a form, I check for that also. Only
th
Ok we are about to go live here soon and am looking at Security to
really lock down the servers. Now I know people can append things to the url
I check for that, or add things to a form, I check for that also. Only thing
I need to know is if there is still a security lax with MDAC where so
5 matches
Mail list logo