http://www.houseoffusion.com/hof/security/database.cfm
Joe Hoffman
mailto:[EMAIL PROTECTED]
National Institutes of Health
Center for Information Technology
Division of Computer System Services

-----Original Message-----
From: Ian Lurie [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 12, 2002 11:17 AM
To: CF-Talk
Subject: Preventing SQL injection attacks...?

Hi all,

Had some interesting errors in our logs yesterday. It appears that someone's trying to hack our database by inserting SQL query language into the URL string.

We're doing all the standard security measures, including filtering for single quotes, using database passwords, and the like, and we locked out their IP immediately.

But really, how do you prevent this? Any ideas/feedback out there?

Ian

Portent Interactive
Helping clients build customer relationships on the web since 1995
Consulting, design, development, measurement
http://www.portentinteractive.com
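An added example, not part of the original thread or of any poster's code: the single-quote filtering mentioned in the question does not protect a numeric URL parameter, because no quote is needed to change the query, while type validation plus a bound parameter does (in ColdFusion the bound-parameter tag is cfqueryparam). The table, function names and sample inputs are constructed for illustration, and Python with sqlite3 stands in for the site's ColdFusion and database.

```python
import sqlite3

def make_db():
    """Constructed sample data: one published article, two unpublished."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles "
               "(id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)",
                   [(1, "Public post", 1), (2, "Draft", 0), (3, "Internal memo", 0)])
    return db

def strip_quotes(value):
    """The 'filter single quotes' measure described in the question."""
    return value.replace("'", "")

def lookup_filtered(db, url_id):
    """Weak pattern: the URL value is still concatenated into the SQL text.
    A numeric field has no quotes around it, so the filter changes nothing."""
    sql = ("SELECT title FROM articles WHERE published = 1 AND id = "
           + strip_quotes(url_id) + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, url_id):
    """Hardened pattern: validate the type, then bind the value so it can
    only ever be data. Returns None when the input is rejected, which is
    also the point where a log entry for the bad request belongs."""
    try:
        article_id = int(url_id)
    except ValueError:
        return None
    rows = db.execute(
        "SELECT title FROM articles WHERE published = 1 AND id = ? ORDER BY id",
        (article_id,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    # Constructed URL values: a normal id, and one carrying SQL without quotes.
    for url_id in ("1", "1 OR 1=1"):
        print(repr(url_id), "filtered ->", lookup_filtered(db, url_id))
        print(repr(url_id), "bound    ->", lookup_bound(db, url_id))
```

With the constructed value `1 OR 1=1`, the filtered lookup returns the unpublished rows as well, while the bound lookup rejects the request before any SQL runs.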

