<g> CF as 50s noir! Huzzah! Dana
> I know what it is, and I wish I didn't.
>
> I started out just playing around, having a good time, snorting an
> occasional hit of SQL. Snorting SQL wasn't serious, or so I thought.
> I wasn't hooked -- I could stop any time I wanted to. But it wasn't
> like that. It never is.
>
> Soon I needed more. All my friends were injecting SQL and said it was
> great stuff. No problem. Easy street with no blind alleys.
>
> Sure. These kids were just looking for another mook to add to the
> club, make them feel better about their own empty lives.
>
> So I injected SQL for the first time. I didn't feel anything at first,
> but then it suddenly hit me, and one of my database tables was gone.
> Nowhere. Dropped like the bad habit I had just picked up.
>
> Next thing I know, I'm in trouble. I've got script kiddies swirling
> around my head, hacking into me, taking whatever they want and
> laughing at me. SalesOrder table -- gone. Customer table -- gone.
> Inventory table -- gone. My soul -- gone.
>
> It took a brave little sweetheart named Candy to bring me back. She
> found me curled up in an alleyway, mumbling something about syntax, my
> eyes glassy and wide. She nursed me back to health, told me about
> CFQUERYPARAM and how it would save me if I just let it.
>
> So I gave it a try. It was like driving switchblades into my own arm,
> but I knew I had to do it if I wanted to survive -- if I wanted my app
> to survive. If I wanted Candy and me to survive.
>
> Soon the pain became tolerable. Then it almost went away. Except for
> that little twinge to remind me about where I'd been, where I'd let
> myself go, where I'd come back from. Where I'd sure as hell never go
> again.
>
> Now Candy and me are on the road to somewhere, and I'm doing my time
> straight. Soon I'll be taking the next step, locking down another
> layer, then another, and then another until everything's safe.
>
> Safe.
>
> I look over at Candy behind the wheel, hair blowing in the wind, and
> she looks like an angel. The road ahead looks even, less for the
> asphalt than for the fact that I have my head on straight now. No way
> I'm gonna let SQL injection take another thing from me. Not my data,
> not my dignity. And not Candy.
>
> The sun's setting up ahead and the first chill of night hits.
>
> I light a cigarette...
>
> From: Jacob
> To: CF-Community
> Sent: Tuesday, May 30, 2006 12:53 PM
> Subject: Head shaking...
>
> So, every ColdFusion programmer I have interviewed does not know what SQL
> injection is...
>
> This is going to be fun.
