> Anyway, whatever solves the Michael's problem I feel sure
> is going to be a combination of things, not just the one.

Actually, with this particular SQL injection attack it's really easy to stop. We created a SQL filter that is called from application.cfm. It loops through the URL structure and checks to see if any URL variables contain both a semi-colon and any SQL keyword. If a match is found, it just cfaborts the request and sends us an e-mail with the details. We periodically review those messages and have not found a single false-positive yet after deployment to every site we manage.

Granted, it will not stop SQL injection through form posts, but I don't recall ever seeing a SQL injection attack through a form post (yet). At the least it can put an immediate stop to the current flood and give you time to implement other protective measures such as cfqueryparam, etc.

We have CF5 and CFMX versions if anyone wants a copy.

-Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310350
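
One way to write the filter described in the message above, as an added example (this is not Justin Scott's code, which the message offers but does not include). It is written for CFMX or later and is meant to sit at the top of Application.cfm; the keyword list, variable names and example.com addresses are assumptions.

```cfml
<!--- Added example: URL filter for the top of Application.cfm (CFMX or later).
      The keyword list and the mail addresses below are assumptions. --->
<cfset sqlKeywords = "select|insert|update|delete|drop|alter|create|declare|exec|execute|cast|union|truncate">
<cfset blockedVar = "">

<!--- Walk the URL scope: flag a variable only when its (already URL-decoded)
      value holds BOTH a semicolon AND a SQL keyword as a whole word --->
<cfloop collection="#url#" item="varName">
    <cfset varValue = url[varName]>
    <cfif find(";", varValue)
          and reFindNoCase("\b(#sqlKeywords#)\b", varValue)>
        <cfset blockedVar = varName>
        <cfbreak>
    </cfif>
</cfloop>

<cfif len(blockedVar)>
    <!--- Mail the request details for later review, then stop the request --->
    <cftry>
        <cfmail to="security@example.com" from="webserver@example.com"
                subject="SQL filter blocked a request on #cgi.server_name#" type="text">
Template:     #cgi.script_name#
Query string: #cgi.query_string#
Variable:     #blockedVar#
Remote IP:    #cgi.remote_addr#
User agent:   #cgi.http_user_agent#
Time:         #dateFormat(now(), "yyyy-mm-dd")# #timeFormat(now(), "HH:mm:ss")#
        </cfmail>
        <cfcatch type="any">
            <!--- A mail failure must not let the blocked request continue --->
        </cfcatch>
    </cftry>
    <cfabort>
</cfif>
```

As the message notes, this inspects URL variables only, so form posts pass through unchecked and the queries themselves still need cfqueryparam.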

