Great info, thanks Paul.

Here's a good link describing a SQL Injection attack during a penetration test.
Good for those who say "I can't do it therefore no attacker could do it."
http://www.unixwiz.net/techtips/sql-injection.html

Our problem is existing code with lots of Form and URL variables used in 
cfquerys - retrofitting is a hard sell, so we're looking at how much exposure 
we have, and how to mitigate the problem.

thanks,
Chris

---------- Original Message ----------------------------------
From: "Paul Vernon" <[EMAIL PROTECTED]>
Reply-To: [email protected]
Date:  Fri, 22 Feb 2008 14:47:24 -0000

>I know it's a bit late to join in on the conversation but, here goes...

....
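
For the exposure question raised in the message above, here is an added example (not part of the original message and not code from anyone on the list): a small Python audit that lists Form and URL variables interpolated into `cfquery` bodies outside a `cfqueryparam` tag. The sample template and the name `audit_template` are constructed for illustration, and the matching is a regex heuristic rather than a CFML parser.

```python
import re

# Constructed sample template for illustration (not from the thread).
SAMPLE_CFM = """<cfquery name="getUser" datasource="app">
  SELECT id, email FROM users
  WHERE username = '#form.username#'
    AND status = <cfqueryparam value="#url.status#" cfsqltype="cf_sql_varchar">
</cfquery>
<cfquery name="getItem" datasource="app">
  SELECT * FROM items WHERE id = #Val(URL.itemID)#
</cfquery>
<cfoutput>#url.page#</cfoutput>
"""

CFQUERY = re.compile(r"<cfquery\b([^>]*)>(.*?)</cfquery\s*>", re.I | re.S)
CFQUERYPARAM = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
POUND_EXPR = re.compile(r"#([^#\n]*)#")            # one #...# expression
SCOPE_REF = re.compile(r"\b(?:form|url)\.\w+", re.I)
NAME = re.compile(r"\bname\s*=\s*[\"']([^\"']+)", re.I)


def audit_template(source):
    """Return (line, query_name, expression) for every Form/URL reference
    that is interpolated into a cfquery body outside cfqueryparam."""
    findings = []
    for query in CFQUERY.finditer(source):
        name = NAME.search(query.group(1))
        # Blank out cfqueryparam tags with equal-length padding so the
        # offsets of the remaining text still map back to the source.
        body = CFQUERYPARAM.sub(lambda m: " " * len(m.group(0)), query.group(2))
        for expr in POUND_EXPR.finditer(body):
            if not SCOPE_REF.search(expr.group(1)):
                continue
            line = source.count("\n", 0, query.start(2) + expr.start()) + 1
            findings.append(
                (line, name.group(1) if name else "?", expr.group(1).strip())
            )
    return findings


if __name__ == "__main__":
    # Expressions wrapped in a function such as Val() are still listed so a
    # reviewer can triage them; only cfqueryparam usage is treated as bound.
    for line, query_name, expression in audit_template(SAMPLE_CFM):
        print(f"line {line}: query '{query_name}' interpolates #{expression}#")
```

Running it over a directory of templates gives a per-query count of unbound Form/URL references, which is one way to size the retrofit before deciding where `cfqueryparam` goes first.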



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299708