On Thu, Sep 23, 2010 at 9:48 AM, DURETTE, STEVEN J (ATTASIAIT) <[email protected]> wrote:
>
> Lastly, NEVER assume that your server application (CF, PHP, ASPX) is the
> only thing that will hit your database. Say someone finds your database
> and calls a procedure. You would really hate it if they passed in
> username = 'dummy';drop usertable;-- and your code didn't account for
> it. Suddenly your usertable is gone. Always check in each place.

If "someone finds your database" and "executes a stored procedure", you've got *WAY* bigger problems than application coding. Ri

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337374

