Good point, that's not a good example for ColdFusion, is it. But I figure there's more to a SQL Injection attack than just the single-quote attack?
Thanks, Chris -----Original Message----- From: Russ [mailto:[EMAIL PROTECTED] Sent: Friday, February 22, 2008 11:31 AM To: CF-Talk Subject: RE: CFC protect from SQL Injection? My point is that this won't work in CF, because CF auto escapes single quotes in variables... Russ > -----Original Message----- > From: Chris Norloff [mailto:[EMAIL PROTECTED] > Sent: Friday, February 22, 2008 11:15 AM > To: CF-Talk > Subject: RE: CFC protect from SQL Injection? > > Great info, thanks Paul. > > Here's a good link describing a SQL Injection attack during a > penetration test. Good for those who say "I can't do it therefore no > attacker could do it." > http://www.unixwiz.net/techtips/sql-injection.html > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299752 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
