I am currently using the SQLprev.cfm from Jochem to stop the onslaught of 
superfluous bandwidth suckage from my server, but was wondering what the 
difference would be with this one. I am not looking to start a "my SQL 
Injection blocker is better than yours", yet trying to educate myself on just 
what is going on and what is best to do. 
 
Does this thing just raise its ugly head every now and then and go away for a 
while? This is the first I have seen of it on my server.
 
Thanks in advance,
 
~David G. Moore, Jr.
   UpstateWeb, LLC

> Subject: Re: SQL injection attack on House of Fusion
> From: [EMAIL PROTECTED]
> To: cf-talk@houseoffusion.com
> Date: Wed, 20 Aug 2008 14:36:46 -0400
>
> > I also had a concern about thread safety; it's caching the
> > java.util.regex.Matcher object in Application scope, and calling
> > Application.injChecker.reset(testvar) for each url/form/etc variable --
> > seems like Matcher.reset() changes state of the cached Matcher object?
>
> Thanks for pointing this out...I updated the tool on my site to address this
> and also switched it to use a different RegEx that seems to work better and
> throw less false positives. Same link to download as before:
>
> http://www.cfwebstore.com/index.cfm?fuseaction=page.download&downloadID=18
>
> --- Mary Jo
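
The thread-safety concern quoted above, as an added Java example that is not part of this thread or of the tool it discusses: a `Matcher` shared by all requests (the effect of caching it in Application scope) is compared with a shared `Pattern` that creates a new `Matcher` per call. The class name, the pattern and the sample strings are constructed for illustration; the pattern is not the RegEx the tool uses.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Predicate;
import java.util.regex.*;

public class MatcherSharing {
    // Constructed pattern for illustration only; not the tool's RegEx.
    static final Pattern PATTERN = Pattern.compile("(?i)\\b(declare|exec|cast)\\b");

    // Equivalent of caching the Matcher in Application scope: one mutable object for all requests.
    static final Matcher SHARED = PATTERN.matcher("");

    static boolean sharedCheck(String value) {
        return SHARED.reset(value).find();    // reset() rewrites state other threads are using
    }

    static boolean perCallCheck(String value) {
        return PATTERN.matcher(value).find(); // Pattern is immutable; each call gets its own Matcher
    }

    // Runs the check from 8 threads and counts wrong verdicts or exceptions.
    static int countErrors(Predicate<String> check) throws InterruptedException {
        String benign = "page=products&sort=name&category=12";        // constructed sample
        String suspicious = "id=1;DECLARE @s VARCHAR(4000);EXEC(@s)"; // constructed sample
        AtomicInteger errors = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(8);
        for (int t = 0; t < 8; t++) {
            pool.submit(() -> {
                for (int i = 0; i < 100_000; i++) {
                    boolean expectHit = (i % 2 == 0);
                    try {
                        if (check.test(expectHit ? suspicious : benign) != expectHit) errors.incrementAndGet();
                    } catch (RuntimeException e) {
                        errors.incrementAndGet(); // corrupted Matcher state can also throw
                    }
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return errors.get();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("shared Matcher errors:   " + countErrors(MatcherSharing::sharedCheck));
        System.out.println("per-call Matcher errors: " + countErrors(MatcherSharing::perCallCheck));
    }
}
```

Because the failure is a race, the shared-Matcher count varies from run to run; any wrong verdict there is a request that was either blocked incorrectly or passed through unchecked, while the per-call variant has no shared mutable state to corrupt.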


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311313