All the form scrubbing may be a pain, but it's not a bad idea. That's the stuff most people overlook.
We are in the title business and our public facing sites sanitize all form and URL variables to make our customers happy about security. (Mostly Lenders) Not using AT LEAST CF 7 is retardo though. I'm sure they probably have a few miles of red tape in the way. I know the government supposedly uses a lot of ColdFusion which is pretty cool. I don't know if it's true, but I read once that Windows XP didn't have any Easter eggs because the government used it and they couldn't use ANY code with "undocumented features". Go figure. ~Brad -----Original Message----- From: Les Mizzell [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 16, 2008 1:02 PM To: CF-Talk Subject: Re: Forcing a CFC to refresh... > Actually, this is incorrect. Congressional websites are hosted and managed > by the US Senate Sergeant-at-Arms office (which is also a kickass CF shop). Hmm - getting off topic - but the one Congressman site I've got - they gave me a freaking FIT over using Coldfusion, and said that *only* version 5 was "approved". I couldn't use anything else. I had to put so much regex all over forms to block "bad" stuff and pass their security scans that it was ridiculous. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:303587 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
