> Why do you all want to interpret this as a final solution?
> Blocking an IP will NOT block ANY attack, it will just stop 
> the current attack from THIS address, period.
> But it is safer than letting the malbot try every page it can 
> find,... until it does find one in which CFQUERYPARAM was forgotten.
>
> ...
>
> CFQUERYPARAM is a nice and powerful feature, but it makes SQL 
> code more difficult to read, so the best is to use it only 
> when it is really necessary.
> For me, using CFQUERYPARAM systematically for every parameter 
> is as stupid as never using it at all.

If you use it systematically for every parameter, you won't have any
"forgotten" pages. Besides, again, it provides benefits beyond validation,
such as potentially improving the reuse of execution plans.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
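
Added example, not part of the original message or anyone's code on this thread: a small Python audit that lists every `#...#` expression sitting inside a `<cfquery>` body but outside a `<cfqueryparam>` tag, which is one way to find the "forgotten" pages discussed above. The two templates, their file names, and the function names are constructed for illustration.

```python
import re

# Constructed sample templates (not taken from the thread).
SAMPLES = {
    "bound.cfm": '''<cfquery name="q" datasource="#dsn#">
  SELECT title FROM articles
  WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>''',
    "forgotten.cfm": '''<cfquery name="q" datasource="#dsn#">
  SELECT title FROM articles
  WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
    AND author = '#form.author#'
</cfquery>''',
}

# \b keeps <cfquery ...> from matching <cfqueryparam ...>.
CFQUERY = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery>", re.I | re.S)
CFQUERYPARAM = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
HASH_EXPR = re.compile(r"#[^#\r\n]+#")


def unbound_expressions(template):
    """Return (line, expression) for each #...# spliced into SQL text."""
    findings = []
    for block in CFQUERY.finditer(template):
        body = block.group(1)
        # Blank out cfqueryparam tags, keeping length so offsets stay valid.
        masked = CFQUERYPARAM.sub(lambda m: " " * len(m.group(0)), body)
        for expr in HASH_EXPR.finditer(masked):
            offset = block.start(1) + expr.start()
            line = template.count("\n", 0, offset) + 1
            findings.append((line, expr.group(0)))
    return findings


def audit(templates):
    """Map template name -> findings, omitting templates with none."""
    report = {}
    for name, text in templates.items():
        hits = unbound_expressions(text)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in audit(SAMPLES).items():
        for line, expr in hits:
            print(f"{name}:{line}: {expr} is interpolated into the SQL text")
```

This is a regex heuristic, not a CFML parser: dynamic table or column names, which `<cfqueryparam>` cannot bind, will also be flagged and need manual review.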

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309409