And on a related note... What are the best ways to go about ensuring that
the parameters passed are valid?

Is a simple:

<cfif IsDefined("URL.id") AND IsNumeric(URL.id)>
    <!--- do the query --->
<cfelse>
    <!--- kick someone in the keister --->
</cfif>

sufficient, or are there more sinister things to look for? (This of
course assumes passing simple numeric values, which seems pretty
commonplace).

-Tim

----- Original Message -----
From: "S R" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Monday, August 13, 2001 12:43 PM
Subject: URL Hack Fix??


> another hack question. I've read Don Vawter's website on how to
> prevent this type of attack. Someone told me at my work that there's
> an IIS patch that prevents this. Is this true? I'm using IIS 4.0 and
> SQL 7.0 and SQL 2000 for the backend. I want to go back and add these
> fixes to my CF pages, but if there's a patch, I won't need to do it.
>
> Thanks

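One way to handle the check Tim describes, as an added example that is not part of the original post: reject anything that is not a positive whole number, and then bind the value with cfqueryparam instead of concatenating it into the SQL text, so the query no longer depends on the guard alone. The datasource name "dsn" and the "orders" table with its "order_id" and "status" columns are assumed for illustration.

```cfml
<!--- Added example (not from the original post). "dsn", "orders",
      "order_id" and "status" are assumed names for illustration. --->

<!--- IsNumeric alone also accepts decimals and negatives; require a
      positive whole number before the value goes anywhere near SQL. --->
<cfset idIsValid = IsDefined("URL.id")
                   AND IsNumeric(URL.id)
                   AND Int(URL.id) EQ URL.id
                   AND Int(URL.id) GT 0>

<cfif NOT idIsValid>
    <!--- The "kick in the keister" branch: answer with 400 and stop. --->
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid id.</cfoutput>
    <cfabort>
</cfif>

<!--- Weak form, shown only for contrast: the value is pasted into the
      SQL string, so the query is safe only while every page that uses
      it remembers to run the guard above first.

      <cfquery name="getOrder" datasource="dsn">
          SELECT order_id, status FROM orders WHERE order_id = #URL.id#
      </cfquery>
--->

<!--- Hardened form: cfqueryparam sends the value as a typed bind
      parameter. The database never parses it as SQL, and a non-integer
      value is rejected by the type check rather than reaching the query. --->
<cfquery name="getOrder" datasource="dsn">
    SELECT order_id, status
    FROM orders
    WHERE order_id = <cfqueryparam value="#URL.id#" cfsqltype="cf_sql_integer">
</cfquery>
```

Using both the input check and the bind parameter is the point: the check gives a clean error for bad input, and the bind parameter makes the query safe even on a page where the check is missing.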

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
