RE: URL Hack Fix??

2001-08-13 Thread Dave Watts
another hack question. I've read Don Vawter's website on how to prevent this type of attack. Someone told me at my work that there's an IIS patch that prevents this. Is this true? I'm using IIS 4.0 and SQL 7.0 and SQL 2000 for the backend. I want to go back and add these fixes to my CF

RE: URL Hack Fix??

2001-08-13 Thread Stephen Moretti
another hack question. I've read Don Vawter's website on how to prevent this type of attack. Someone told me at my work that there's an IIS patch that prevents this. Is this true? I'm using IIS 4.0 and SQL 7.0 and SQL 2000 for the backend. I want to go back and add these fixes to my CF

RE: URL Hack Fix??

2001-08-13 Thread Joshua Tipton
The +.htr works on a global.asa but not on regular asp pages. What does this actually do? -Original Message- From: S R [mailto:[EMAIL PROTECTED]] Sent: Monday, August 13, 2001 12:44 PM To: CF-Talk Subject: URL Hack Fix?? another hack question. I've read Don Vawter's website on how to

RE: URL Hack Fix??

2001-08-13 Thread S R
I like that solution From: Stephen Moretti [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Subject: RE: URL Hack Fix?? Date: Mon, 13 Aug 2001 18:15:36 +0100 another hack question. I've read Don Vawter's website on how to prevent this type of attack. Someone

RE: URL Hack Fix??

2001-08-13 Thread Shawn Grover
-Original Message- From: Stephen Moretti [mailto:[EMAIL PROTECTED]] Sent: Monday, August 13, 2001 11:16 AM To: CF-Talk Subject: RE: URL Hack Fix?? another hack question. I've read Don Vawter's website on how to prevent this type of attack. Someone told me at my work that there's an IIS

Re: URL Hack Fix??

2001-08-13 Thread Timothy Lynn
And on a related note.. What are the best ways to go about ensuring that the parameters passed are valid? Is a simple: <cfif IsDefined("URL.id") AND IsNumeric(URL.id)> do the query <cfelse> kick someone in the keister </cfif> sufficient, or are there more sinister things to look for? (This of

RE: URL Hack Fix??

2001-08-13 Thread Cameron Childress
Network Software -Original Message- From: Timothy Lynn [mailto:[EMAIL PROTECTED]] Sent: Monday, August 13, 2001 1:49 PM To: CF-Talk Subject: Re: URL Hack Fix?? And on a related note.. What are the best ways to go about ensuring that the parameters passed are valid? Is a simple

RE: URL Hack Fix??

2001-08-13 Thread Shawn Grover
requirements, but here's hoping this helps you get started. Shawn Grover -Original Message- From: Timothy Lynn [mailto:[EMAIL PROTECTED]] Sent: Monday, August 13, 2001 11:49 AM To: CF-Talk Subject: Re: URL Hack Fix?? And on a related note.. What are the best ways to go about ensuring

RE: URL Hack Fix??

2001-08-13 Thread Cameron Childress
Childress [mailto:[EMAIL PROTECTED]] Sent: Monday, August 13, 2001 2:00 PM To: CF-Talk Subject: RE: URL Hack Fix?? Val(URL.id) passes the value of the URL.id, unless it's non-numeric, in which case it passes a zero. Use like so: WHERE ID = Val(URL.id) -Cameron Cameron