There is an excellent small article on security vis-à-vis URL, cookie and
form parameters at:
http://webreview.com/2001/04_13/developers/index02.shtml
My question is: what do the members of this list use to prevent malicious
attempts to alter or destroy a database by means of the URL, form or cookie,
such as the example given in the article:
http://www.mysite.com/doLogin.php?UserID=12345
changed to
http://www.mysite.com/doLogin.php?UserID=12345+TRUNCATE+TABLE+Items
or when someone enters a SQL command in a form text box
12345 TRUNCATE TABLE Items
I guess one could do a content check of every submitted variable to detect
SQL statements such as TRUNCATE, DELETE, UPDATE, INSERT, etc.
Thanks,
Sebastian
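An added example (not part of Sebastian's post or anything on the linked article) showing the two checks a practitioner would use against the exact input above: validate that UserID is an integer before any SQL is built, and bind the value as a query parameter so the database never sees it as SQL text. It uses Python's sqlite3 with a constructed Users/Items schema; the table names are taken from the post.

```python
# Added example: strict input validation plus a parameterized query,
# demonstrated against the "12345 TRUNCATE TABLE Items" input from the post.
import sqlite3


def setup_db():
    """Constructed sample schema: a Users table plus the Items table named in the post."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Users (UserID INTEGER PRIMARY KEY, Name TEXT);
        CREATE TABLE Items (ItemID INTEGER PRIMARY KEY, Label TEXT);
        INSERT INTO Users VALUES (12345, 'sebastian');
        INSERT INTO Items VALUES (1, 'widget'), (2, 'gadget');
    """)
    return conn


def parse_user_id(raw):
    """Allow-list check: UserID must be a plain string of digits.
    Keyword blacklists (TRUNCATE, DELETE, ...) are not needed; anything
    that is not an integer is rejected before any SQL exists."""
    if not raw.isdigit():
        raise ValueError("UserID must be an integer")
    return int(raw)


def do_login(conn, raw_user_id):
    """Look up the user with a bound parameter (the '?' placeholder).
    The driver passes the value separately from the statement text,
    so the value can never change what the statement does."""
    try:
        user_id = parse_user_id(raw_user_id)
    except ValueError:
        return None  # reject, log in a real application
    row = conn.execute(
        "SELECT Name FROM Users WHERE UserID = ?", (user_id,)
    ).fetchone()
    return row[0] if row else None


def item_count(conn):
    """Used to confirm the Items table is untouched after a hostile request."""
    return conn.execute("SELECT COUNT(*) FROM Items").fetchone()[0]


if __name__ == "__main__":
    db = setup_db()
    print(do_login(db, "12345"))                       # sebastian
    print(do_login(db, "12345 TRUNCATE TABLE Items"))  # None (rejected)
    print(item_count(db))                              # 2
```

In ColdFusion the equivalent of the bound parameter is cfqueryparam with a numeric cfsqltype, which gives the same type check and parameter binding in one tag.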
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists