Hi,

When the user logs in, I save their username to the session scope. 

Would I need to re-validate that username at the top of every page that uses it 
in a database query?

I previously thought this was not necessary, but if it is possible for someone 
to send malicious SQL injection then surely it is also possible (even though 
very unlikely) for someone to send code that changes the username stored in the 
session to some malicious SQL injection.

Thanks
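
The scenario raised above, as an added example that is not part of the original post: a session-stored username used in a query, built once by string concatenation and once with a bound parameter. It uses Python's `sqlite3` so it runs offline; the table, function names and session contents are constructed for illustration, and in CFML the bound form corresponds to passing the value through `<cfqueryparam>`.

```python
import sqlite3

def make_db():
    """In-memory table with two constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (username TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [("alice", "book"), ("bob", "lamp")])
    return db

def orders_concatenated(db, session):
    # Weak form: the session value becomes part of the SQL text, so any
    # quote characters it contains are parsed as SQL syntax.
    sql = ("SELECT item FROM orders WHERE username = '"
           + session["username"] + "'")
    return sorted(row[0] for row in db.execute(sql))

def orders_bound(db, session):
    # Hardened form: the session value is a bound parameter. The driver
    # sends it as data only, whatever it contains and wherever it came from.
    sql = "SELECT item FROM orders WHERE username = ?"
    return sorted(row[0] for row in db.execute(sql, (session["username"],)))

# Constructed session contents (hypothetical): one as written at login,
# one as it would look if the stored value had somehow been altered.
NORMAL = {"username": "alice"}
TAINTED = {"username": "alice' OR '1'='1"}

if __name__ == "__main__":
    db = make_db()
    for label, session in (("normal", NORMAL), ("tainted", TAINTED)):
        print(label, "concatenated:", orders_concatenated(db, session))
        print(label, "bound:       ", orders_bound(db, session))
```

With the bound form, the altered value simply matches no rows, so the query is safe without re-validating the session value on every page.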

