Use an encryption function with a dynamic key to encrypt field names whilst outputting, then a decryption function when using the form data. Reset the key periodically.

hth
Rod

----- Original Message -----
From: "Peter Tilbrook" <[EMAIL PROTECTED]>
To: "CFAussie Mailing List" <[email protected]>
Sent: Wednesday, October 26, 2005 8:28 PM
Subject: [cfaussie] Suggestions - CF form security



What is the best way to prevent users in a BB type scenario from posting
script or SQL into a textfield or textarea? Making changes to the
administrator is not an option.

I figured there must be something better than REreplaceNoCase. However, if
REreplaceNoCase is the best option, does anyone have a readymade snippet of
code that will encompass the most malicious tags, SQL attacks, etc?
<<

This is a message from a NG and I was stumped apart from using
CFQUERYPARAM or UDF's. Any other suggestions?

If it is any consolation no-one yet seems to have a safe answer and there
have been a few.

Thanks!

PT

---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
Aussie Macromedia Developers: http://lists.daemon.com.au/
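
Added example, not part of the original thread: the suggestions above in one ColdFusion page, with the field name encrypted under a key that is replaced on every render, the post bound with CFQUERYPARAM, and stored text encoded on output. The datasource `forumDSN`, the `posts` table, the `body` field and the `f_` prefix are assumptions, and session management must be enabled.

```cfml
<!--- Added example; "forumDSN", the "posts" table and the field name "body" are assumptions. --->
<cfif cgi.request_method EQ "POST" AND StructKeyExists(session, "fieldKey")
      AND StructKeyExists(form, "fieldnames")>
    <!--- Map the encrypted field names back to their real names --->
    <cfset clean = StructNew()>
    <cfloop list="#form.fieldnames#" index="fname">
        <cfif Left(fname, 2) EQ "f_" AND Len(fname) GT 2>
            <cftry>
                <cfset realName = Decrypt(Mid(fname, 3, Len(fname) - 2), session.fieldKey, "AES", "Hex")>
                <cfset clean[realName] = form[fname]>
                <cfcatch type="any"><!--- name not produced with the current key: ignore it ---></cfcatch>
            </cftry>
        </cfif>
    </cfloop>
    <cfif StructKeyExists(clean, "body") AND Len(Trim(clean.body))>
        <!--- The value is bound as data; it never becomes part of the SQL text --->
        <cfquery datasource="forumDSN">
            INSERT INTO posts (body, posted_at)
            VALUES (
                <cfqueryparam value="#clean.body#" cfsqltype="cf_sql_longvarchar">,
                <cfqueryparam value="#Now()#" cfsqltype="cf_sql_timestamp">
            )
        </cfquery>
    </cfif>
</cfif>

<!--- New key each time the form is rendered, so field names from older renders stop working --->
<cfset session.fieldKey = GenerateSecretKey("AES")>
<cfset bodyField = "f_" & Encrypt("body", session.fieldKey, "AES", "Hex")>

<cfquery name="getPosts" datasource="forumDSN">
    SELECT body, posted_at FROM posts ORDER BY posted_at DESC
</cfquery>

<cfoutput>
<cfloop query="getPosts">
    <!--- Encode on output so stored markup is displayed as text instead of being interpreted --->
    <p>#HTMLEditFormat(getPosts.body)#</p>
</cfloop>
<form method="post" action="#HTMLEditFormat(cgi.script_name)#">
    <textarea name="#bodyField#" rows="6" cols="60"></textarea>
    <input type="submit" value="Post">
</form>
</cfoutput>
```

The bound parameter and the output encoding are what keep posted SQL and markup inert; the encrypted field name only changes what the form exposes to the client.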


