RE: SQL Security

2001-12-27 Thread Darryl Lyons
atabase only has one user set up. If on the other hand you've got an application that required raw SQL input then I'd be changing that :) Darryl -Original Message- From: Nick McClure [mailto:[EMAIL PROTECTED]] Sent: Friday, 28 December 2001 7:33 AM To: CF-Talk Subject: RE: SQL Sec

RE: SQL Security

2001-12-27 Thread Nick McClure
The way I prefer to do this is by using Stored Procs. You only give the user access to execute stored procs, then you don't have to worry so much about hacking attempts where somebody tries to execute their own SQL. You can usually verify size limits in the HTML for the form fields, and the

RE: SQL Security

2001-12-27 Thread Dave Watts
> I was simply saying that if a database is well planned and > set-up correctly that the use of all the extra code should > not be necessary. I could understand using it on say an > access DB where there is not a lot of security features etc. > but to use it on SQL and Oracle I just do not see

Re: SQL Security

2001-12-27 Thread Douglas Brown
features etc. but to use it on SQL and Oracle I just do not see the reasoning. Doug - Original Message - From: "Tyler M. Fitch" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, December 27, 2001 1:02 PM Subject: RE: SQL Security >

RE: SQL Security

2001-12-27 Thread Dave Watts
> Wow I just wrote what Dave did before looking at the whole > post :D . I for one would not want to use in > all my queries!!! What a jumbled mess that would create. If you read my post as advocating that you don't use CFQUERYPARAM in favor of using SQL permissions, you misunderstood me. I wa

RE: SQL Security

2001-12-27 Thread Tyler M. Fitch
* -Original Message- From: Douglas Brown [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 1:00 PM To: CF-Talk Subject: Re: SQL Security Wow I just wrote what Dave did before looking at the whole post :D . I for one would not want to use

RE: SQL Security

2001-12-27 Thread Robert Everland
PM To: CF-Talk Subject: Re: SQL Security Wow I just wrote what Dave did before looking at the whole post :D . I for one would not want to use in all my queries!!! What a jumbled mess that would create. Doug - Original Message - From: "Dave Watts" <[EMAIL PROTECTED]

Re: SQL Security

2001-12-27 Thread Douglas Brown
IL PROTECTED]> Sent: Thursday, December 27, 2001 12:21 PM Subject: RE: SQL Security > > I had you guys poke at my application the other day to find > > bugs and security problems. Now I need to ask a few questions > > about SQL security as I am finding out a lot of what I thought &

Re: SQL Security

2001-12-27 Thread Douglas Brown
ginal Message - From: "Dave Watts" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, December 27, 2001 12:21 PM Subject: RE: SQL Security > > I had you guys poke at my application the other day to find > > bugs and security problems

RE: SQL Security

2001-12-27 Thread Dave Watts
> I had you guys poke at my application the other day to find > bugs and security problems. Now I need to ask a few questions > about SQL security as I am finding out a lot of what I thought > was right is wrong. I am using cfqueryparam now in my where > and and clauses, now do I need to also