Another thing you can do is create different datasources, each with
different rights:
- read only
- update
- delete

And use the read only datasource on the queries that only read data. The
ones that update data might be behind a username and password so that would
make it more difficult for the hackers.

On Fri, Sep 26, 2008 at 10:13 AM, Claude Raiola <[EMAIL PROTECTED]> wrote:

> Hi,
>
> We have just had an SQL injection attack.
>
> Given we have several hundred ColdFusion pages and the SQL database has
> several hundred tables, has anyone found a reliable solution whereby script
> can be placed in the application.cfm page that will prevent code being
> appended to queries, as a viable alternative to having to edit every query
> across the 100's of pages to use the appropriate <cfqueryparam .............
>
>
> Regards
>
> Claude Raiola
> B.Econ (Acc), B.Hot.Mngt.
>
> Websites:
> www.AustralianAccommodation.com <http://www.australianaccommodation.com/>
> www.SAMARIS.NET <http://www.samaris.net/>
> www.WebSiteSolutions.com.au <http://www.websitesolutions.com.au/>
> Mobile: 0414 228 948
>


-- 
Try advertising on the new Australian Business Directory
www.clickfind.com.au
blog: http://australiansearchengine.wordpress.com/
Web Designers > http://www.web-designers-australia.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en
-~----------~----~----~----~------~----~------~--~---
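
One way to set up the three datasources suggested in the reply above, shown as an added example that is not part of the original thread. It assumes Microsoft SQL Server (the thread does not name the database); the database, table and login names are hypothetical and the passwords are placeholders.

```sql
-- Added example (T-SQL, SQL Server assumed). SiteDb, listing_check and the
-- cf_* logins are hypothetical names; replace the placeholder passwords.
USE SiteDb;
GO

-- One login and database user per ColdFusion datasource.
CREATE LOGIN cf_read   WITH PASSWORD = '<placeholder-read>';
CREATE LOGIN cf_update WITH PASSWORD = '<placeholder-update>';
CREATE LOGIN cf_delete WITH PASSWORD = '<placeholder-delete>';
CREATE USER cf_read   FOR LOGIN cf_read;
CREATE USER cf_update FOR LOGIN cf_update;
CREATE USER cf_delete FOR LOGIN cf_delete;
GO

-- Read-only datasource: SELECT and nothing else.
GRANT SELECT ON SCHEMA::dbo TO cf_read;
-- Update datasource: may read and change rows, but not remove them.
GRANT SELECT, INSERT, UPDATE ON SCHEMA::dbo TO cf_update;
-- Delete datasource: may read and remove rows.
GRANT SELECT, DELETE ON SCHEMA::dbo TO cf_delete;
-- None of the three is added to db_owner or db_ddladmin, so none of them
-- can create, alter or drop tables.
GO

-- Check the read-only user against a scratch table.
CREATE TABLE dbo.listing_check (id INT PRIMARY KEY, title NVARCHAR(100));
INSERT INTO dbo.listing_check (id, title) VALUES (1, N'original');
GO

EXECUTE AS USER = 'cf_read';            -- act as the read-only datasource
SELECT id, title FROM dbo.listing_check; -- reading is allowed
BEGIN TRY
    -- A write arriving on the read-only datasource, for example text
    -- appended to a query, is refused by the database itself.
    UPDATE dbo.listing_check SET title = N'changed' WHERE id = 1;
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;
REVERT;                                  -- back to the admin context
GO

-- The row is unchanged after the refused write.
SELECT id, title FROM dbo.listing_check;
DROP TABLE dbo.listing_check;
```

Each ColdFusion datasource is then configured with the matching login, and every `<cfquery>` names the least-privileged datasource that still lets it work. This limits what appended SQL can change but not what it can read, so the queries still need `<cfqueryparam>`.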
