On 1/24/2011 8:50 AM, Richard White wrote:
> ok thanks for the help

I just wanted to add that your question, concerns and the replies DO NOT 
just apply to URL variables.  They apply to ANY and ALL data received 
from the client, including form POST values, COOKIE values, etc.

Anything and everything received from external, untrusted sources must 
be considered suspect.

I mention this because many people have the mistaken impression that 
form POST variables are more secure and thus do not need to be tested 
just because they are not written in the URL bar of the browser.  This 
is most definitely not true.
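
Added example, not part of the original message: a constructed HTTP request that carries the same `qty` field in the URL, the POST body and a cookie, run through a single allow-list check. It shows that all three arrive as client-written text in the same request. The request, host name, field names and the 1-99 rule are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample request: every byte of it is written by the client.
RAW_REQUEST = (
    "POST /cart.cfm?qty=3 HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: qty=abc; theme=dark\r\n"
    "\r\n"
    "qty=-500&item=17"
)

def client_inputs(raw):
    """Return {source: {name: value}} for each client-controlled channel."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    target = request_line.split(" ")[1]
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    cookies = {}
    for pair in headers.get("cookie", "").split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep:
            cookies[name] = value
    first = lambda qs: {k: v[0] for k, v in parse_qs(qs).items()}
    return {"url": first(urlsplit(target).query),
            "form": first(body),
            "cookie": cookies}

QTY_RE = re.compile(r"[0-9]{1,2}")

def valid_qty(value):
    """Allow-list check (assumed rule): digits only, 1-99, for any channel."""
    return bool(QTY_RE.fullmatch(value)) and 1 <= int(value) <= 99

def check_request(raw):
    """Apply the same check to qty in every channel that carries it."""
    return {src: valid_qty(fields["qty"])
            for src, fields in client_inputs(raw).items() if "qty" in fields}

if __name__ == "__main__":
    print(check_request(RAW_REQUEST))
```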


