One of the site's I'm working on had a SQL break-in on an old application. The url scope passed an integer and the where statement in the cfquery wasn't protected by cfqueryparam. I've added cferror to this application as well so a hacker can't see the standard cf error message. Is there anything else I can do to tighten this issue down? Just want to make sure.
Thanks D ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297128 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
