Cool...this may be really ignorant, but what's 'cw'?  I'd be shifty of
anything that didn't let me develop proper data-layer code from the
start.

-Joe

On 5/31/05, dave <[EMAIL PROTECTED]> wrote:
> site wide error handler is there, just turned off at the moment.
> 
>  I haven't gone through the cw code yet to do the trimming and cfqueryparams 
> yet, after final version I will. Cw tends to break whenever you touch 
> anything in it and after just getting it compliant I decided to wait on the 
> rest. I'm also considering going through and re-writing it as it seems like 
> it was written quite a while ago and would like to have it use cfc's instead, 
> fix some of the java in it and get rid of a good chunk of the current code.
> 
>  thanks for input
> 
> ~Dave the disruptor~
> This bottle of lemonade says "contains no lemon juice"
> and the can of Pledge says "contains real lemon juice"
> figures @%*((&%
> 
> ----------------------------------------
> From: Joe Rinehart <[EMAIL PROTECTED]>
> Sent: Tuesday, May 31, 2005 1:00 PM
> To: CF-Talk <cf-talk@houseoffusion.com>
> Subject: Re: anyone bored?
> 
> Hi Dave,
> 
> I'd also surround _all_ of the places where you display user input
> with htmlEditFormat(), as it's kind of open for HTML monkeying
> (leading to XSS attacks).
> 
> -Joe
> 
> On 5/31/05, Joe Rinehart  wrote:
> > I'd go through your whole app and implement CFQueryparam, shut off
> > robust exception information, and implement a sitewide error handler.
> > I've found places that expose SQL that shows where injection is
> > possible.
> >
> > -Joe
> >
> > On 5/31/05, dave  wrote:
> > > like that has a chance in hell but the real page has video controls and 
> > > mute button
> > >
> > > ~Dave the disruptor~
> > > This bottle of lemonade says "contains no lemon juice"
> > > and the can of Pledge says "contains real lemon juice"
> > > figures @%*((&%
> > >
> > > ----------------------------------------
> > > From: "Michael T. Tangorre"
> > > Sent: Tuesday, May 31, 2005 7:48 AM
> > > To: CF-Talk
> > > Subject: RE: anyone bored?
> > >
> > > > From: dave [mailto:[EMAIL PROTECTED]
> > > > and wanna help go thru a site and find bugs?
> > > > There isn't a lot there but mostly concerned with the
> > > > shopping cart (it's in test mode, cc won't be charged) and cross
> > > > browser issues and just general feedback.
> > > > It's for www.icandfashion.com, if you are up to it lemme
> > > > know and I will send u link off list
> > >
> > > Yikes, I would ditch the sound on the homepage at the link above.
> > >
> 
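
The hardening suggested in the thread (cfqueryparam on query input, htmlEditFormat() wherever user input is displayed, no raw SQL errors sent to the browser), as an added CFML example that is not code from the thread or from the cart application. The datasource `shop`, table `products`, the `url.id` and `form.comment` inputs, the log name `shop_errors` and the template `error_generic.cfm` are all hypothetical.

```cfml
<!--- Added example; every name here is hypothetical (see lead-in). --->

<!--- BEFORE (kept inside a comment so this template still runs):
      url.id is concatenated into the SQL text and form.comment is echoed raw.
<cfquery name="qProduct" datasource="shop">
    SELECT product_id, product_name, price
    FROM products
    WHERE product_id = #url.id#
</cfquery>
<cfoutput><p>Your note: #form.comment#</p></cfoutput>
--->

<!--- AFTER --->
<cfparam name="url.id" default="0">
<cfparam name="form.comment" default="">

<cftry>
    <cfquery name="qProduct" datasource="shop">
        SELECT product_id, product_name, price
        FROM products
        <!--- Bound parameter: the value never becomes part of the SQL text,
              and a non-integer value raises an exception before the query runs. --->
        WHERE product_id = <cfqueryparam value="#trim(url.id)#" cfsqltype="cf_sql_integer">
    </cfquery>

    <cfcatch type="any">
        <!--- Keep the detail (which can include SQL) in a server-side log only. --->
        <cflog file="shop_errors" type="error"
               text="#cfcatch.message# | #cfcatch.detail#">
        <!--- Static page with no exception detail. --->
        <cfinclude template="error_generic.cfm">
        <cfabort>
    </cfcatch>
</cftry>

<cfoutput>
    <!--- Encode on output, for request data and for values read back from the
          database, since stored text may have originated as user input. --->
    <p>Your note: #htmlEditFormat(trim(form.comment))#</p>
    <ul>
    <cfloop query="qProduct">
        <li>#htmlEditFormat(qProduct.product_name)# #dollarFormat(qProduct.price)#</li>
    </cfloop>
    </ul>
</cfoutput>
```

The robust exception information switch and the site-wide error handler mentioned in the thread are ColdFusion Administrator settings, so they do not appear in the template.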
