But of course. Was just pointing out that it appeared she was only going to use it once. It's up to the programmer to either code it properly or delete it when they are through.
Dave Watts wrote:
>> It's a one time query that she's using to insert data into
>> the db initially. Unless she left that page open for anyone
>> to access no real need to secure it in that fashion. Of
>> course doesn't hurt, just saying from the sounds of her post
>> it will only be used ONCE, by her.
>>
>
> I do a lot of code reviews for clients. I can't count the number of times
> I've found "test" or "one-time" files like this in a production environment,
> accessible by end users, and discoverable by reasonably clever malicious
> users.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
>
> Fig Leaf Software provides the highest caliber vendor-authorized
> instruction at our training centers in Washington DC, Atlanta,
> Chicago, Baltimore, Northern Virginia, or on-site at your location.
> Visit http://training.figleaf.com/ for more information!

