Site-wide error handler is there, just turned off at the moment.

I haven't gone through the cw code yet to do the trimming and cfqueryparams 
yet, after the final version I will. Cw tends to break whenever you touch anything 
in it and after just getting it compliant I decided to wait on the rest. I'm 
also considering going through and re-writing it, as it seems like it was 
written quite a while ago, and I would like to have it use CFCs instead, fix some 
of the Java in it and get rid of a good chunk of the current code.

Thanks for the input.

~Dave the disruptor~
This bottle of lemonade says "contains no lemon juice"
and the can of Pledge says "contains real lemon juice"
figures @%*((&%

----------------------------------------
From: Joe Rinehart <[EMAIL PROTECTED]>
Sent: Tuesday, May 31, 2005 1:00 PM
To: CF-Talk <[email protected]>
Subject: Re: anyone bored? 

Hi Dave,

I'd also surround _all_ of the places where you display user input
with htmlEditFormat(), as it's kind of open for HTML monkeying
(leading to XSS attacks).

-Joe

On 5/31/05, Joe Rinehart wrote:
> I'd go through your whole app and implement CFQueryparam, shut off
> robust exception information, and implement a sitewide error handler.
> I've found places that expose SQL that shows where injection is
> possible.
> 
> -Joe
> 
> On 5/31/05, dave wrote:
> > Like that has a chance in hell, but the real page has video controls and
> > a mute button.
> >
> > ~Dave the disruptor~
> > This bottle of lemonade says "contains no lemon juice"
> > and the can of Pledge says "contains real lemon juice"
> > figures @%*((&%
> >
> > ----------------------------------------
> > From: "Michael T. Tangorre" 
> > Sent: Tuesday, May 31, 2005 7:48 AM
> > To: CF-Talk 
> > Subject: RE: anyone bored?
> >
> > > From: dave [mailto:[EMAIL PROTECTED]
> > > and wanna help go thru a site and find bugs?
> > > There isn't a lot there, but I'm mostly concerned with the
> > > shopping cart (it's in test mode, cc won't be charged) and cross
> > > browser issues, and just general feedback.
> > > It's for www.icandfashion.com; if you are up to it, lemme
> > > know and I will send you a link off list.
> >
> > Yikes, I would ditch the sound on the homepage at the link above.
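Joe's three points (cfqueryparam, escaping displayed input with htmlEditFormat, and a site-wide error handler with robust exception info off) put together, as an added example that is not code from the thread or from the site under discussion. The datasource name `shop`, the `products` table, the form and URL field names, the `error.cfm` template and the e-mail address are all assumed.

```cfml
<!--- product.cfm: constructed example, not code from the thread. --->

<!--- BEFORE: url.id is pasted straight into the SQL text, so anything
      the visitor puts in the query string becomes part of the statement. --->
<cfquery name="getProduct" datasource="shop">
    SELECT id, name, description
    FROM products
    WHERE id = #url.id#
</cfquery>

<!--- AFTER: the value travels as a typed bound parameter, never as SQL text.
      A non-integer value now raises a validation error instead of running. --->
<cfquery name="getProduct" datasource="shop">
    SELECT id, name, description
    FROM products
    WHERE id = <cfqueryparam value="#trim(url.id)#" cfsqltype="cf_sql_integer">
</cfquery>

<cfoutput>
    <!--- BEFORE: a customerName containing <script> is rendered as markup
          and runs in every visitor's browser that sees this page. --->
    <p>Hello, #form.customerName#</p>

    <!--- AFTER: htmlEditFormat() turns < > & " into entities, so the same
          input is displayed as literal text. --->
    <p>Hello, #htmlEditFormat(form.customerName)#</p>
</cfoutput>


<!--- Application.cfm: one handler for every unhandled exception in the site.
      "Enable Robust Exception Information" is a ColdFusion Administrator
      setting (Debugging & Logging), not code; leave it off in production so
      SQL, paths and stack traces are not echoed to the visitor. --->
<cferror type="exception" template="error.cfm" mailto="webmaster@example.com">


<!--- error.cfm: log the detail for the developer, show the visitor nothing
      useful to an attacker. The error scope is populated by cferror. --->
<cflog file="siteErrors" type="error"
       text="#error.template# | #error.message# | #error.diagnostics#">
<cfoutput>
    <p>Sorry, something went wrong. The problem has been logged.</p>
</cfoutput>
```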



Message: http://www.houseoffusion.com/lists.cfm/link=i:4:208070
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4