Thanks Charlie. One question re cfqueryparam. If I'm using the CF_SQL_VARCHAR type does it strip out injected SQL, because basically injected SQL is just text.

Brian
----------------------------------------
From: "Charlie Arehart" <charlie_li...@carehart.org>
Sent: Wednesday, 27 May 2015 11:59 AM
To: cfaussie@googlegroups.com
Subject: RE: *****SPAM***** [cfaussie] CF 11 and SQL injection

Brian, there are a range of options, starting from within your code, like CFQUERYPARAM (and more), to the app level, to the web server level, to web application firewall apps, to external devices, each of which can address sql injection and/or other possible injection attacks. Some are free or open source, some are commercial; some are easy (and may not completely cover you) while some are complex (and may keep you from using them well) with a range in between.

I keep a list of such tools, in that order, as a category of my CF411 site, specifically cf411.com/security. I indicate if they are free or not, if they are specific to an OS, web server, etc. You should find a few choices to consider which may best suit your needs.

Hope that’s helpful.

/charlie

From: cfaussie@googlegroups.com [mailto:cfaussie@googlegroups.com] On Behalf Of Brian Knott
Sent: Tuesday, May 26, 2015 5:33 AM
To: cfaussie@googlegroups.com
Subject: *****SPAM***** [cfaussie] CF 11 and SQL injection

Guys what’s the best way to handle SQL injection in CF 11.

Brian

--
You received this message because you are subscribed to the Google Groups "cfaussie" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cfaussie+unsubscr...@googlegroups.com.
To post to this group, send email to cfaussie@googlegroups.com.
Visit this group at http://groups.google.com/group/cfaussie.
For more options, visit https://groups.google.com/d/optout.
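On the CF_SQL_VARCHAR question raised at the top of the thread, this added example (not part of the original messages) shows that cfqueryparam does not strip anything: the value travels as a bound parameter, separate from the SQL text, so the database stores and compares it as plain data. The datasource name `myDSN`, the `notes` table (`id` integer, `body` varchar(200)) and the sample values are assumptions constructed for the example.

```cfml
<!--- Constructed sample input carrying SQL-looking text --->
<cfset userText = "O'Brien'; DROP TABLE notes; --">

<!--- The value is bound as a varchar parameter; it is never spliced into the SQL string --->
<cfquery datasource="myDSN">
    INSERT INTO notes (id, body)
    VALUES (
        <cfqueryparam value="1" cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#userText#" cfsqltype="cf_sql_varchar" maxlength="200">
    )
</cfquery>

<!--- Read it back with the same bound value: one row, text unchanged, table still present --->
<cfquery name="qCheck" datasource="myDSN">
    SELECT body
    FROM notes
    WHERE body = <cfqueryparam value="#userText#" cfsqltype="cf_sql_varchar" maxlength="200">
</cfquery>

<cfoutput>
    Rows matched: #qCheck.recordCount#<br>
    Stored unchanged: #(compare(qCheck.body, userText) EQ 0)#<br>
    Stored value: #encodeForHTML(qCheck.body)#<br>
</cfoutput>

<!--- Contrast: a typed numeric parameter is validated before the query is sent.
      CF_SQL_VARCHAR checks only maxlength, not the content of the string. --->
<cfset badId = "1 OR 1=1">
<cftry>
    <cfquery name="qById" datasource="myDSN">
        SELECT body
        FROM notes
        WHERE id = <cfqueryparam value="#badId#" cfsqltype="cf_sql_integer">
    </cfquery>
    <cfcatch type="any">
        <cfoutput>Rejected before reaching the database: #encodeForHTML(cfcatch.message)#</cfoutput>
    </cfcatch>
</cftry>
```

Because the text is stored verbatim, it still needs output encoding (as with `encodeForHTML` above) wherever it is later displayed.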