someone could conceivable type "; drop table [tablename];" into a form field
if they knew the name of the table and mess up the DB
Bryan Love ACP
Internet Application Developer
[EMAIL PROTECTED]
-----Original Message-----
From: Pooh Bear [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 22, 2001 9:28 AM
To: CF-Talk
Subject: Compromising Security
hey, I was wondering what are the least amount of information someone needs
to compromise my database or code? I am.....err..."hacking?" my
site/database through the URL. So far, I've got 2 tablenames, the
datasource, and some field names. I dont want to have to do a lot of coding
to prevent this from being seen by someone else, but i will if have to, but
first i want to know if anyone could do anything with this much information.
Thanx! :)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
