Despite your reluctance to use custom tags, I would
recommend you look at <CF_inputfilter> in the gallery;
this blocks malicious form submissions by filtering out
a list of characters you specify (requires CF4.5).
Also keep your db outside your root directory!
HTH
Tristram Charnley
-----------------
[EMAIL PROTECTED]
"If something is hard to do, it's not worth doing!"
Homer Simpson.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: 07 March 2001 22:15
> To: CF-Talk
> Subject: Validating user input.
>
>
> Hello Everyone,
>
> I'm pretty new to ColdFusion, and I need some guidance.
> I am developing a site where users will be able to submit
> information to a database (their tips and tricks, nothing special).
> I want to make my app as secure as possible. What kind
> of steps should I follow to make sure any malicious code
> gets passed? Which kind of symbols should I filter out, and
> which cf function would work best for this purpose? I do not
> want to use custom tags. Does anybody have a security checklist before
> deploying a site? Maybe someone can guide me to a good security
> related website.
>
> Thanks,
>
> Robert
>
> [EMAIL PROTECTED]
> http://www.httpworkshop.com
>
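
An added example, not part of either message above and not the code of CF_inputfilter: one way to do the same character filtering with built-in CFML only, then bind the values with cfqueryparam and encode them on output. The character list, field names, table name and datasource are constructed for illustration.

```cfml
<!--- Added example; stripPattern, tipsDSN, tips, title and body are assumptions. --->

<!--- Characters to strip from every submitted field (the list "you specify").
      Inside a CFML string a double quote is written as two double quotes. --->
<cfset stripPattern = "[<>""'%;()&+]">

<!--- form.fieldnames only exists when a form was actually posted. --->
<cfif IsDefined("form.fieldnames")>

    <!--- form.fieldnames is a comma-delimited list of the submitted field names. --->
    <cfloop list="#form.fieldnames#" index="field">
        <cfset form[field] = REReplace(form[field], stripPattern, "", "all")>
    </cfloop>

    <!--- A character filter alone can miss cases, so the values are also passed
          as typed, bound parameters instead of being concatenated into the SQL.
          maxlength makes an over-long title raise an error before the query runs. --->
    <cfquery name="addTip" datasource="tipsDSN">
        INSERT INTO tips (title, body)
        VALUES (
            <cfqueryparam value="#form.title#" cfsqltype="cf_sql_varchar" maxlength="100">,
            <cfqueryparam value="#form.body#" cfsqltype="cf_sql_longvarchar">
        )
    </cfquery>

    <!--- Encode when echoing user-supplied text back into a page. --->
    <cfoutput>
        <p>Saved tip: #HTMLEditFormat(form.title)#</p>
    </cfoutput>

</cfif>
```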