Where is CF_Input? I cant find it on the Developers exchange.
On a SQL database cant you specify that the user connected to the database
cannot use the DROP command? Wouldn't this be the first line of defense?
At 05:00 PM 7/9/2001 -0400, you wrote:
>Why not just use cf_input this tag works great, you can add words in there
>like delete drop and add so that you don't have people entering things into
>your database.
>
>Robert Everland III
>Dixon Ticonderoga
>Web Developer Extraordinaire
>
>-----Original Message-----
>From: Josh R [mailto:[EMAIL PROTECTED]]
>Sent: Monday, July 09, 2001 1:46 PM
>To: CF-Talk
>Subject: Re: URL Hacks - Solution
>
>
>I've been reading this thread since the beginning and came up with a pretty
>comfortable solution. I call it cf_antihack. It's a blanket script with a
>pretty quick run time. I haven't placed it on the Developers Exchange yet,
>but I might.
>
>I am offering it to you guys first so I can get some input on it.
>
>You can get the code at my site at http://www.rubak.com/cf-codes.cfm
>
>Don't forget to give me some feedback. If people like this solution, I plan
>to increase it's reach to cover other security issues.
>
>Disclaimer: I am by no means a security expert. I just came up with (what I
>think is) a good idea.
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
