FWIW I don't believe in silver bullets, but one can get a decent amount of mileage by taking the SQL account that CF connects to the database with and removing access to the system and information schema tables. Chances are your app doesn't use those tables and a lot of SQLi attacks revolve around them. And for the love of all that is good in the world, don't ever let your web servers ever connect to your database with sa. :)
~Brad

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333010
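The least-privilege setup Brad describes, written out as an added T-SQL example (SQL Server, since the post refers to sa); this is not code from the post, and the login, user, database, schema and table names are hypothetical.

```sql
-- Constructed example: a restricted SQL Server login for a ColdFusion
-- datasource. All names and the password placeholder are hypothetical.
USE [master];
CREATE LOGIN [cf_app] WITH PASSWORD = 'REPLACE-WITH-LONG-RANDOM-SECRET',
    CHECK_POLICY = ON;
GO

USE [AppDb];
CREATE USER [cf_app] FOR LOGIN [cf_app];

-- Grant only the DML the application actually needs, on its own schema.
-- No db_owner, no server roles, and certainly not sa.
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::[dbo] TO [cf_app];

-- Catalog views are readable by public by default, so an explicit DENY is
-- needed to stop the account from enumerating table and column names via
-- INFORMATION_SCHEMA or the sys schema.
DENY SELECT ON SCHEMA::[INFORMATION_SCHEMA] TO [cf_app];
DENY SELECT ON SCHEMA::[sys] TO [cf_app];
GO

-- Verification: impersonate the account and check effective permissions
-- without triggering errors. Expect 0, 0, 1.
EXECUTE AS USER = 'cf_app';
SELECT
    HAS_PERMS_BY_NAME('INFORMATION_SCHEMA.TABLES', 'OBJECT', 'SELECT') AS can_read_info_schema,
    HAS_PERMS_BY_NAME('sys.tables', 'OBJECT', 'SELECT')                AS can_read_sys_tables,
    HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT')                AS can_read_app_table;
REVERT;
GO
```

Some database drivers and admin tools query these catalog views for metadata, so run the application against the restricted account in a test environment before switching the datasource over.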