I know what it is, and I wish I didn't.

I started out just playing around, having a good time, snorting an occasional 
hit of SQL.  Snorting SQL wasn't serious, or so I thought.  I wasn't hooked -- 
I could stop any time I wanted to.  But it wasn't like that.  It never is.

Soon I needed more.  All my friends were injecting SQL and said it was great 
stuff.  No problem.  Easy street with no blind alleys.

Sure.  These kids were just looking for another mook to add to the club, make 
them feel better about their own empty lives.

So I injected SQL for the first time.  I didn't feel anything at first, but 
then it suddenly hit me, and one of my database tables was gone.  Nowhere.  
Dropped like the bad habit I had just picked up.

Next thing I know, I'm in trouble.  I've got script kiddies swirling around my 
head, hacking into me, taking whatever they want and laughing at me.  
SalesOrder table -- gone.  Customer table -- gone.  Inventory table -- gone.  My 
soul -- gone.

It took a brave little sweetheart named Candy to bring me back.  She found me 
curled up in an alleyway, mumbling something about syntax, my eyes glassy and 
wide.  She nursed me back to health, told me about CFQUERYPARAM and how it 
would save me if I just let it.  

So I gave it a try.  It was like driving switchblades into my own arm, but I 
knew I had to do it if I wanted to survive -- if I wanted my app to survive.  
If I wanted Candy and me to survive.

Soon the pain became tolerable.  Then it almost went away.  Except for that 
little twinge to remind me about where I'd been, where I'd let myself go, where 
I'd come back from.  Where I'd sure as hell never go again.

Now Candy and me are on the road to somewhere, and I'm doing my time straight.  
Soon I'll be taking the next step, locking down another layer, then another, 
and then another until everything's safe.

Safe.

I look over at Candy behind the wheel, hair blowing in the wind, and she looks 
like an angel.  The road ahead looks even, less for the asphalt than for the 
fact that I have my head on straight now.  No way I'm gonna let SQL injection 
take another thing from me.  Not my data, not my dignity.  And not Candy.

The sun's setting up ahead and the first chill of night hits.  

I light a cigarette...

  From: Jacob 
  To: CF-Community 
  Sent: Tuesday, May 30, 2006 12:53 PM
  Subject: Head shaking...


  So, every ColdFusion programmer I have interviewed does not know what SQL
  injection is...

  This is going to be fun.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:5:207754
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/5
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:5
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
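The CFQUERYPARAM cure that Candy prescribes, as an added example that is not part of the original post or of Jacob's message. It assumes a datasource named "shop" (an assumption), a SalesOrder table with an integer OrderID column and a Customer table with a Name column (the table names come from the post; the columns are assumed). The first query is the "before" that drops tables: an unquoted numeric value pasted straight into the SQL string, which is exactly the case where ColdFusion's automatic doubling of single quotes in interpolated variables does nothing for you. The second binds the same value as a typed parameter.

```cfml
<!--- Added example, not the original post's code. Datasource "shop" and the
      column names are assumptions; the SalesOrder/Customer tables are from the post. --->

<!--- BEFORE: url.id is concatenated into the SQL text. A request with
      ?id=5;DROP TABLE SalesOrder hands the database two statements on a driver
      that accepts batched statements (SQL Server does). No quotes are involved,
      so ColdFusion's quote escaping never gets a chance to help. --->
<cfquery name="qUnsafe" datasource="shop">
    SELECT OrderID, CustomerID, Total
    FROM   SalesOrder
    WHERE  OrderID = #url.id#
</cfquery>

<!--- AFTER: the value is bound as a typed parameter. cfsqltype="cf_sql_integer"
      makes ColdFusion reject "5;DROP TABLE SalesOrder" before the query is sent,
      and a value that does pass is delivered to the driver separately from the
      SQL text, so it can only ever be compared against OrderID. --->
<cfquery name="qSafe" datasource="shop">
    SELECT OrderID, CustomerID, Total
    FROM   SalesOrder
    WHERE  OrderID = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Strings get the same treatment. Build the wildcard in the value, not in
      the SQL, and let maxlength bound what a user can send. --->
<cfquery name="qCustomer" datasource="shop">
    SELECT CustomerID, Name
    FROM   Customer
    WHERE  Name LIKE <cfqueryparam value="#form.search#%"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="50">
</cfquery>
```

One caveat a practitioner will run into: cfqueryparam binds values only. A table name, column name or ORDER BY direction that comes from the request cannot be parameterised and has to be checked against a fixed list of allowed identifiers in CFML before it goes anywhere near the query.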
