> Not from the same address though, because it is banned now.

This appears to be a botnet-driven attack. Blocking addresses may be problematic in that case.

> And the purpose of my code is not to replace CFQUERYPARAM.

That's fine. My concern isn't really with you, Claude, but with people who might read your remarks and think that what you're doing is a valid substitute for CFQUERYPARAM - because it's not.

> It is to add an extra feature that will not only protect the
> database, but ALSO the whole site, because the guy won't be
> able to open any other page.

If you're using CFQUERYPARAM as well, this doesn't really add any protection to the database. If you're not, the protection it does add is far from complete. Again, that's really my concern with your proposal.

> > Figuring out what patterns to deny is a losing battle.
>
> Look at what <CFQUERYPARAM CFSQLType = "CF_SQL_INTEGER "... does:
> It triggers an error if the parameter is not an integer.
> My code does exactly the same thing, PLUS it bans the
> intruder in case some known attack pattern is detected.

On its face, your comparison seems valid. But that's not really what CFQUERYPARAM does. Or at least, it's an incomplete description. What it does is separate data from executable code. This mechanism prevents data from being executed as code. The specific type of data is really invalid, and it'll work with any data now and in the future. It's as close to a foolproof mechanism as you're going to find. While it does validate specific data types, its real power is in this separation of data from code.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309395
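The distinction Dave draws above (CFQUERYPARAM's value is that it separates data from SQL code, not merely that it type-checks) is easier to see side by side. The following is an added illustration, not code from the thread or from ColdFusion itself; it uses Python's sqlite3 module and a constructed in-memory `users` table, with a small `get_user_param` helper that mimics the integer check of `cfsqltype="cf_sql_integer"` by rejecting non-integers before binding the value. The point it makes is the one in the message: a bound parameter works with any data, including a legitimate name containing an apostrophe, while string-spliced SQL breaks on that same ordinary data no matter how many "bad patterns" you filter.

```python
import sqlite3


def make_db():
    # Constructed sample data; O'Brien is ordinary input that contains an apostrophe.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users (id, name) VALUES (?, ?)",
        [(1, "Alice"), (2, "O'Brien"), (3, "Bob")],
    )
    return conn


def get_user_param(conn, user_id):
    # Mimics <cfqueryparam cfsqltype="cf_sql_integer">: raise on a non-integer,
    # then bind the value so the database never parses it as SQL text.
    try:
        user_id = int(str(user_id).strip())
    except ValueError:
        raise TypeError(f"expected an integer id, got {user_id!r}")
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [r[0] for r in rows]


def find_by_name_concat(conn, name):
    # String splicing: the data becomes part of the SQL the parser sees.
    sql = f"SELECT id FROM users WHERE name = '{name}'"
    return [r[0] for r in conn.execute(sql)]


def find_by_name_param(conn, name):
    # Bound parameter: the SQL text is fixed, the value travels separately.
    rows = conn.execute("SELECT id FROM users WHERE name = ?", (name,))
    return [r[0] for r in rows]


def run_demo():
    """Return a dict of outcomes so the behaviour can be checked, not just printed."""
    conn = make_db()
    results = {}

    # Type check: a non-integer id is rejected before any SQL runs.
    try:
        get_user_param(conn, "abc")
        results["bad_id_rejected"] = False
    except TypeError:
        results["bad_id_rejected"] = True

    # Whitespace around a numeric id is tolerated, as a typed parameter would.
    results["padded_id"] = get_user_param(conn, " 2 ")

    # Legitimate data with a quote: spliced SQL is a syntax error, bound SQL just works.
    try:
        find_by_name_concat(conn, "O'Brien")
        results["concat_survived_apostrophe"] = True
    except sqlite3.OperationalError:
        results["concat_survived_apostrophe"] = False
    results["param_apostrophe"] = find_by_name_param(conn, "O'Brien")

    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Note that `find_by_name_concat` fails on a perfectly honest user, which is the practical argument against pattern denylists: the concatenated form has to anticipate every character that could disturb the parser, whereas the bound form never lets the value reach the parser at all.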

