If you don't use the data that is in the variables, then (as far as I know), no validation of the data itself needs to be done.
On Mon, Jan 24, 2011 at 8:31 AM, Richard White <[email protected]> wrote:
>
> Hi,
>
> basic question but want to make sure I understand url variables! Is it
> possible for malicious code to be sent through url variables?
>
> Basically, some CFM files in our applications receive variables through the
> URL which are just used to do some processing if they are true.... e.g.
>
> if url.variable 1 eq true
> do something...
> end if
>
> Would there be any need to validate whether this variable is true or false at
> the start of the page? I am thinking there isn't any need as if it isn't equal
> to true then nothing will happen anyway.
>
> As a general rule I am only validating any url variables if they contain data
> to be placed in the database, is this right?
>
> thanks

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:341129
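
One way to read a true/false URL flag strictly, so that a missing parameter or unexpected text simply counts as false (an added example, not code from the thread; the function name `flagIsTrue`, the parameter name `process` and the accepted literals are assumptions):

```cfml
<cfscript>
// Hypothetical helper: returns true only when the named key exists in the
// given scope and its whole value is one of the accepted literals.
// A missing key, an empty string or any other text yields false, so the
// page neither errors on an absent parameter nor branches on a loose match.
function flagIsTrue(required struct scope, required string name) {
    if (!structKeyExists(arguments.scope, arguments.name)) {
        return false;
    }
    var raw = arguments.scope[arguments.name];
    if (!isSimpleValue(raw)) {
        return false;
    }
    // The value is matched as one element against the allowlist, so text
    // such as "true,false" or "<script>" does not match.
    return listFindNoCase("true,1,yes", trim(raw)) > 0;
}

// Constructed sample values standing in for the URL scope.
samples = [
    {process = "true"},
    {process = "TRUE "},
    {process = "true,false"},
    {process = "<script>"},
    {other = "1"}
];
for (i = 1; i <= arrayLen(samples); i++) {
    writeOutput(flagIsTrue(samples[i], "process") & "<br>");
}

// In a page the real scope is passed instead of a sample struct:
//   if (flagIsTrue(url, "process")) { ... }
</cfscript>
```

Only the first two samples are accepted; the rest, including the struct with no `process` key, are treated as false.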

