A new type of sql attack is hitting my server since about 2 am this morning..... It got through the filter I use because it has different keywords. Luckily the cfparam triggered an error - as it was looking for intergers and was finding this: ========================================================= +and+1=convert(int,(select+top+1+table_name+from+information_schema.tables))--sp_password ========================================================
So I added sp_password and schema to my list of bad keywords Al ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312847 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
