I think I just had some wrong info on it

 thanks guys :)

~Dave the disruptor~
This bottle of lemonade says "contains no lemon juice" 
and the can of Pledge says "contains real lemon juice"
figures @%*((&% 

----------------------------------------
From: Dave Watts <[EMAIL PROTECTED]>
Sent: Friday, June 03, 2005 10:25 PM
To: CF-Talk <[email protected]>
Subject: RE: using scriptProtect 

> anyone know how good this is working?
> I would assume using queryparam would still be in order but 
> I thought this was for that but not quite sure.

No, these do different things. CFQUERYPARAM prevents you from sending
strings to the database as code that the database will execute. The new
SCRIPTPROTECT attribute is intended to filter inputs for common words used
in cross-site scripting attacks, which don't execute within the database at
all. Instead, XSS attacks typically execute within a browser - you send some
JavaScript when you submit a form, I later browse that record within the
application and my browser receives your JavaScript and executes it.

As for its usefulness, well, it's pretty limited. All it does is filter
against a few common words, which doesn't protect you against someone just a
bit more clever than that - there are all sorts of ways to write XSS
exploits, and this just catches the simplest and best-known.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized 
instruction at our training centers in Washington DC, Atlanta, 
Chicago, Baltimore, Northern Virginia, or on-site at your location. 
Visit http://training.figleaf.com/ for more information!
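The two-part distinction Dave draws above (CFQUERYPARAM stops the database from executing your input as code; SCRIPTPROTECT is a word-list filter that a slightly cleverer XSS payload walks past) can be shown in a few lines. The block below is an added example, not code from the thread or from ColdFusion itself: the blacklist filter is a hypothetical stand-in modelled on the "filters against a few common words" description, not the real scriptProtect rules, and the SQLite table, user names and payloads are constructed for the demonstration.

```python
"""Added example (not part of the original thread).

Shows (1) why a tag-name blacklist catches <script> but not an event-handler
payload, (2) that output encoding is the actual XSS control, and (3) that a
bound parameter (what CFQUERYPARAM does) is what stops SQL injection.
"""
import html
import re
import sqlite3

# ASSUMPTION: a simplified word-list filter in the spirit of the one
# described in the message. This is NOT ColdFusion's scriptProtect code.
BLACKLIST_TAGS = ("script", "object", "embed", "applet", "meta")
_BLACKLIST_RE = re.compile(
    r"<\s*/?\s*(" + "|".join(BLACKLIST_TAGS) + r")\b", re.IGNORECASE
)


def wordlist_filter(value: str) -> str:
    """Neutralise the opening of any blacklisted tag name."""
    return _BLACKLIST_RE.sub("<InvalidTag", value)


def passes_filter_but_still_xss(value: str) -> bool:
    """True when the filter leaves the input untouched yet it still carries
    an inline event handler or javascript: URL (a rough heuristic, used only
    to illustrate the 'a bit more clever' case)."""
    untouched = wordlist_filter(value) == value
    dangerous = re.search(r"on\w+\s*=|javascript:", value, re.IGNORECASE) is not None
    return untouched and dangerous


def render_comment(value: str) -> str:
    """Output encoding at render time: the browser sees text, never markup,
    regardless of what any input filter did or did not catch."""
    return "<p>" + html.escape(value, quote=True) + "</p>"


# --- SQL side: parameterisation is a separate control from XSS filtering ---
def setup_db() -> sqlite3.Connection:
    """Constructed sample table with two users (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def lookup_concatenated(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: the value is spliced into the SQL text, so the database
    executes whatever the user typed (the inline-#form.name# pattern)."""
    return conn.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Safe: the value is bound as data, which is what CFQUERYPARAM provides."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


# Constructed payloads for the demonstration.
XSS_SIMPLE = "<script>alert(1)</script>"
XSS_CLEVERER = "<img src=x onerror=alert(document.cookie)>"
SQLI_PAYLOAD = "x' OR '1'='1"

if __name__ == "__main__":
    print("blacklist on <script>:", wordlist_filter(XSS_SIMPLE))
    print("blacklist misses onerror:", passes_filter_but_still_xss(XSS_CLEVERER))
    print("encoded on output:", render_comment(XSS_CLEVERER))
    db = setup_db()
    print("concatenated rows:", lookup_concatenated(db, SQLI_PAYLOAD))
    print("parameterized rows:", lookup_parameterized(db, SQLI_PAYLOAD))
```

The takeaway matches the message: the filter is a weak, optional extra, while output encoding (for XSS) and bound parameters (for SQL injection) are the controls that actually close each hole.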




Message: http://www.houseoffusion.com/lists.cfm/link=i:4:208585
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4