Yeah ... you should try variations of drop:table as the ID number
(actually you might not want to do that).  First of all make sure you
are using <cfqueryparam> in your queries.  Because you can't control
what people do to the URLs, consider using form variables ... but that
is a security risk as well.

So we did this to try and counter it:

http://sourceforge.net/projects/cfurlencrypt/

::: -----Original Message-----
::: From: David Douglas [mailto:[EMAIL PROTECTED]]
::: Sent: Friday, January 18, 2002 11:26 AM
::: To: CF-Talk
::: Subject: Preventing URL Variables from being changed
::: 
::: 
::: Hello,
::: 
::: I set up a view query where it only displays records on the user's
::: ID.  I notice that if I change the ID name in the URL it will show
::: the other records for that ID, I am sure there is a simple way to
::: prevent this.
::: 
::: Any help is greatly appreciated.
::: 
::: Thanks
::: 
::: Dave
::: FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
::: Archives: http://www.mail-archive.com/[email protected]/
::: Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
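An added example, not part of the original thread and not code from the cfurlencrypt project: the <cfqueryparam> advice from the reply, combined with a server-side check that the ID in the URL belongs to the logged-in user, so editing the URL cannot return someone else's records. The datasource `appDSN`, the table `records`, its columns, and `session.userID` (assumed to be set at login, with session management enabled) are all hypothetical names.

```cfml
<!--- Added example. Assumed names: appDSN, records, user_id, title,
      created_at, and session.userID stored by the login page. --->
<cfparam name="url.id" default="">

<!--- 1. Accept only a plain integer. Input such as "1; drop table x"
         is rejected here, before any query is built. --->
<cfif NOT REFind("^[0-9]{1,9}$", url.id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- 2. The URL value is only a request. The session decides whose
         records may be shown, so a changed ID gets a 403. --->
<cfif NOT StructKeyExists(session, "userID") OR url.id NEQ session.userID>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- 3. Bind the value as a typed parameter instead of concatenating
         it into the SQL text. --->
<cfquery name="getRecords" datasource="appDSN">
    SELECT title, created_at
    FROM   records
    WHERE  user_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
    ORDER  BY created_at DESC
</cfquery>

<!--- 4. Encode stored values on output. --->
<cfoutput query="getRecords">
    <p>#HTMLEditFormat(title)# (#DateFormat(created_at, "yyyy-mm-dd")#)</p>
</cfoutput>
```

The same ownership check applies if the ID arrives as a form variable or as an encrypted URL value, since the server still has to confirm that the requested ID matches the session.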