A big one: If the users can get this information. They may be able to send
CFTAGS in your form fields and cause trouble.
Be sure to validate all form entries to abort any cftags being sent into
form fields.
Signed,
Bill King
HostWorks INC
http://www.hostworks.com
-----Original Message-----
From: Pooh Bear [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 22, 2001 10:28 AM
To: CF-Talk
Subject: Compromising Security
hey, I was wondering what are the least amount of information someone needs
to compromise my database or code? I am.....err..."hacking?" my
site/database through the URL. So far, I've got 2 tablenames, the
datasource, and some field names. I dont want to have to do a lot of coding
to prevent this from being seen by someone else, but i will if have to, but
first i want to know if anyone could do anything with this much information.
Thanx! :)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
