With SQL injection they can delete what they don't have access to.
With XSS they can do that while making it look like someone else did
it.

mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/

2009/6/30 Claude Schneegans <[email protected]>:
>
>  >>Internal security problems are far more common than external ones.
> Within a large organization, not all users may be trustworthy.
>
> C'mon, if they are users and they have access to the system, if they go
> crazy, do they really need SQL injection to harm the system?
> They can simply delete everything they have access to, they can replace
> content with porn, whatever.
> Will CFQUERYPARAM protect your application against that?

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324075