hi,

I have created a CMS ecommerce system, which allows the user to insert
HTML to customise their pages. I am paranoid about the security aspects as
all users share the same datasource.

Basically, I don't want any CF code to be inserted into the db, then used
in a malicious way on the db. So far, I have in place a load of find/replace
functions which replace <cf, <cfscript> blocks, <script> blocks etc. I also
replace > and < with their HTML equivalents, then convert them back on output.
Is there anything else I should be doing?

cheers in advance

Jamo
