Doing that on everything.
-----Original Message-----
From: Robert Harrison [mailto:rob...@austin-williams.com]
Sent: Friday, August 15, 2014 1:54 PM
To: cf-talk
Subject: RE: protection from sql attacks with regex++

Uhm... cfqueryparam

Robert Harrison
Director of Interactive Services
Austin & Williams
Advertising I Branding I Digital I Direct
125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788
T 631.231.6600 X 119 F 631.434.7022
http://www.austin-williams.com
Blog: http://www.austin-williams.com/blog
Twitter: http://www.twitter.com/austin_williams

-----Original Message-----
From: Stephens, Larry V [mailto:steph...@iu.edu]
Sent: Friday, August 15, 2014 1:51 PM
To: cf-talk
Subject: protection from sql attacks with regex++

Using information from a Ben Nadel article, jsStringFormat( htmlEditFormat()) seems to be catching insertions like <b> and escaping them. However, I have tried a number of regex routines from http://www.symantec.com/connect/articles/detection-sql-injection-and-cross-site-scripting-attacks plus another from a CF article that I can't place at the moment, to catch statements like "select * from tblX" inserted into a text field. None of them seem to work. The number of articles and pages making recommendations and giving examples is overwhelming. Can someone provide a suggestion for protecting a site in addition to what I got from Nadel and using ScriptProtect?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359121
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
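As an added example, not code posted in the thread: the kind of lookup Larry describes, first with the form value spliced into the SQL text and then with cfqueryparam as Robert suggests. The datasource variable, the columns of tblX and the form/url field names are assumptions.

```cfml
<!--- Added example, not from the thread. Assumed: application.dsn,
      table tblX with columns id, name, status, and form/url fields. --->

<!--- Vulnerable form: the request value becomes part of the SQL statement
      text, so whatever the user types is parsed as SQL. Filtering the
      input with regexes, as tried in the thread, cannot reliably stop
      that; the database still receives one string it has to parse. --->
<cfquery name="qBad" datasource="#application.dsn#">
    SELECT id, name
    FROM   tblX
    WHERE  name = '#form.name#'
</cfquery>

<!--- Hardened form: cfqueryparam passes each value as a bind parameter.
      SQL and data travel separately, so the value is never interpreted as
      SQL no matter what it contains. cfsqltype enforces the expected type
      and maxlength bounds the size, which also gives the database a
      cacheable, reusable statement. --->
<cfquery name="qGood" datasource="#application.dsn#">
    SELECT id, name
    FROM   tblX
    WHERE  name = <cfqueryparam value="#form.name#"
                                cfsqltype="cf_sql_varchar" maxlength="100">
    AND    status = <cfqueryparam value="#val(url.status)#"
                                  cfsqltype="cf_sql_integer">
</cfquery>

<!--- Lists need the list attribute; concatenating a comma-separated
      string into an IN (...) clause reopens the injection path. --->
<cfquery name="qByIds" datasource="#application.dsn#">
    SELECT id, name
    FROM   tblX
    WHERE  id IN (<cfqueryparam value="#form.ids#"
                                cfsqltype="cf_sql_integer" list="true">)
</cfquery>

<!--- Output encoding is a separate control: it protects the rendered HTML
      page, not the query. With bind parameters in place the text can be
      stored exactly as entered and encoded only when it is displayed. --->
<cfoutput query="qGood">
    #htmlEditFormat(name)#<br>
</cfoutput>
```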