Are you using <cfqueryparam> on all your values too? This is just one more layer to help out.
Kevin -----Original Message----- From: Ian Lurie [mailto:[EMAIL PROTECTED]] Sent: Friday, April 12, 2002 10:17 AM To: CF-Talk Subject: Preventing SQL injection attacks...? Hi all, Had some interesting errors in our logs yesterday. It appears that someone's trying to hack our database by inserting SQL query language into the URL string. We're doing all the standard security measures, including filtering for single quotes, using database passwords, and the like, and we locked out their IP immediately. But really, how do you prevent this? Any ideas/feedback out there? Ian Portent Interactive Helping clients build customer relationships on the web since 1995 Consulting, design, development, measurement http://www.portentinteractive.com ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
