I am referring to ongoing maintenance, not security.

Teddy

On 8/25/06, Robertson-Ravo, Neil (RX) <[EMAIL PROTECTED]> wrote:
>
> But why? What is the point? If cfqueryparam does this all for you? Just
> seems like a little overkill for no real gain.
>
> -----Original Message-----
> From: Dan Plesse
> To: CF-Talk
> Sent: Fri Aug 25 17:47:24 2006
> Subject: Re: coldfusion sql injection
>
> My example using PreparedStatements.
>
> This makes a "sql injection attack" a thing of the past and it's also
> faster.
>
> PreparedStatement ps = con.prepareStatement("INSERT INTO MYTABLE VALUES (?,?,?,?);");
>
> ps.setInt(1, 3);
> ps.setString(2, "something");
> ps.setString(3, "and");
> ps.setString(4, "other");
> ps.executeUpdate();
>
> On 8/25/06, Mkruger <[EMAIL PROTECTED]> wrote:
> >
> > I have a good example of injection and XSS here...
> >
> > http://mkruger.cfwebtools.com/index.cfm?mode=alias&alias=security.pyramid.code
> >
> > -----Original Message-----
> >
> > So there's the question. Can someone provide an example of a
> > working sql injection attack?
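The four-placeholder insert quoted above, set beside a string-built version of the same statement, as an added example that is not part of the original thread. It uses Python's `sqlite3` in place of JDBC so it runs without a database server; the table layout, the helper names and both input values are constructed for illustration.

```python
import sqlite3

# Constructed inputs, not taken from the thread.
BENIGN = "O'Brien"                        # legitimate value containing a quote
HOSTILE = "x', 'injected', 'values') --"  # closes the literal, rewrites the rest


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE mytable (id INTEGER, a TEXT, b TEXT, c TEXT)")
    return con


def insert_concatenated(con, row_id, a, b, c):
    # Weak form: caller data becomes part of the SQL text itself.
    con.execute(f"INSERT INTO mytable VALUES ({row_id}, '{a}', '{b}', '{c}')")


def insert_bound(con, row_id, a, b, c):
    # Same shape as the quoted statement: four placeholders, values sent separately.
    con.execute("INSERT INTO mytable VALUES (?,?,?,?)", (row_id, a, b, c))


def stored(insert, a):
    """Insert one row with `a` as the second column; return the row or the error name."""
    con = make_db()
    try:
        insert(con, 3, a, "and", "other")
    except sqlite3.Error as exc:
        return type(exc).__name__
    return con.execute("SELECT id, a, b, c FROM mytable").fetchone()


if __name__ == "__main__":
    for label, fn in (("concatenated", insert_concatenated), ("bound", insert_bound)):
        for value in (BENIGN, HOSTILE):
            print(f"{label:12} {value!r:32} -> {stored(fn, value)}")
```

The string-built insert fails outright on the benign name and lets the constructed hostile value replace the last two columns; the bound insert stores both values verbatim.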

