John, You might also refer them to the following:
Describes the tag and why it's needed. http://mkruger.cfwebtools.com/index.cfm?mode=alias&alias=cfqueryparam Describes an SQL Injection Attack - CFQUERYPARAM is the most straightforward solution http://mkruger.cfwebtools.com/index.cfm?mode=alias&alias=security.pyramid.co de There are lots of other blogs out there with similar points to make about this tag. I'm sure you can marshal some resources to prove your point. Good luck :) -Mark -----Original Message----- From: John Rossi [mailto:[EMAIL PROTECTED] Sent: Friday, May 05, 2006 12:48 PM To: CF-Talk Subject: RE: Coldfusion with Godaddy I am going to reopen the incident with your explanation of the issue and see what happens. I made the mistake of replying to the incident while my blood was boiling after the tech told me that if I just remove the line of code causing the error the code would work. So my explanation was probably not quite as concise as yours. Thanks, John -----Original Message----- From: Mark A Kruger [mailto:[EMAIL PROTECTED] Sent: Friday, May 05, 2006 1:23 PM To: CF-Talk Subject: RE: Coldfusion with Godaddy I second that John, They are misinformed. I suspect their information came from a misconfigured DSN setting. For example, If I set up a user "bob" and didn't change "default database" for him, then I set up a JDBC connection without specifying the database I wanted to connect to - it would try to connect to master (which is the default default database for any new user), but it would fail because master doesn't allow direct manipulation of data. Instead it comes with a set of SP's (sort of a like an API) for making any changes. I would be very surprised if their information was accurate. More to the point, they are trading down when they deny cfqueryparam - not trading up. A site that doesn't user cfqueryparam is going to be less secure, slower, and will not be able to leverage the DB like it should. -mark ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239675 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
