At 04:04 PM 1/24/2003 +0100, you wrote: >I would not rely on the functionality of CF MX to provide this kind of >security. In combination with various database escape characters it is >rather easy to circumvent.
Hmmm....had not heard that yet. Is there a list of what to check for so I can throw together a <cfinclude> to check for these strings? Has anyone else already done something similar? Either way, I still suggest adding every layer of security you can (unless of course the cfmx problem allows someone to somehow circumvent the database permissions). If someone really wants into your system, they can find a a way in. Andrew Golden ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
