another hack question. I've read Don Vawter's website on how
to prevent this type of attack. Someone told me at my work that
there's an IIS patch that prevents this. Is this true? I'm using
IIS 4.0 and SQL 7.0 and SQL 2000 for the backend. I want to go
back and add these fixes to my CF
The +.htr works on a global.asa but not on regular asp pages. What does
this actually do?
-Original Message-
From: S R [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 12:44 PM
To: CF-Talk
Subject: URL Hack Fix??
another hack question. I've read Don Vawter's website on how to
I like that solution
From: Stephen Moretti [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Subject: RE: URL Hack Fix??
Date: Mon, 13 Aug 2001 18:15:36 +0100
another hack question. I've read Don Vawter's website on how to
prevent this
type of attack. Someone
-Original Message-
From: Stephen Moretti [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 11:16 AM
To: CF-Talk
Subject: RE: URL Hack Fix??
another hack question. I've read Don Vawter's website on how to
prevent this
type of attack. Someone told me at my work that there's an IIS
And on a related note.. What are the best ways to go about ensuring that
the parameters passed are valid?
Is a simple:
<cfif IsDefined("URL.id") AND IsNumeric(URL.id)>
do the query
<cfelse>
kick someone in the keister
</cfif>
sufficient, or are there more sinister things to look for? (This of
Network Software
-Original Message-
From: Timothy Lynn [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 1:49 PM
To: CF-Talk
Subject: Re: URL Hack Fix??
And on a related note.. What are the best ways to go about ensuring that
the parameters passed are valid?
Is a simple
requirements, but here's hoping
this helps you get started.
Shawn Grover
-Original Message-
From: Timothy Lynn [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 11:49 AM
To: CF-Talk
Subject: Re: URL Hack Fix??
And on a related note.. What are the best ways to go about ensuring
Childress [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 2:00 PM
To: CF-Talk
Subject: RE: URL Hack Fix??
Val(URL.id) passes the value of the URL.id, unless it's non-numeric, in
which case it passes a zero. Use like so:
WHERE ID = #Val(URL.id)#
-Cameron
Cameron