I think by default it does block &. But you get to choose what does and doesn't get through.
Ade

-----Original Message-----
From: Kola Oyedeji [mailto:[EMAIL PROTECTED]
Sent: 03 April 2003 11:03
To: [EMAIL PROTECTED]
Subject: RE: [ cf-dev ] Kinda Hacking but ...

I'm assuming that you can tell it what to filter out. Isn't ";" used as part of a J2EE session identifier on the url? And surely it doesn't reject ampersands in the url?

Kola

>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Sent: 03 April 2003 10:09
>> To: [EMAIL PROTECTED]
>> Subject: RE: [ cf-dev ] Kinda Hacking but ...
>>
>> works with IIS as part of the IISLockDown tool, although I think it can
>> also be installed on its own. checks no invalid stuff is going into the
>> url, e.g.
>>
>> ; drop table admin
>>
>> would get rejected. can't remember it all, but it's things like ;.&* etc.
>> It keeps logfiles, you'd be surprised the amount of attempted url hacks
>> for C:\cmd.exe etc.
>>
>> should be installed as a basic security measure on any NT/2000 server imho.
>>
>> Duncan Cumming
>> IT Manager
>>
>> http://www.alienationdesign.co.uk
>> mailto:[EMAIL PROTECTED]
>> Tel: 0141 575 9700
>> Fax: 0141 575 9600
>>
>> Creative solutions in a technical world
>>
>> ----------------------------------------------------------------------
>> Get your domain names online from:
>> http://www.alienationdomains.co.uk
>> Reseller options available!
>> ----------------------------------------------------------------------
>>
>> From: "Kola Oyedeji" <[EMAIL PROTECTED]>
>> Sent: 03/04/2003 10:05
>> To: <[EMAIL PROTECTED]>
>> cc:
>> Subject: RE: [ cf-dev ] Kinda Hacking but ...
>> Please respond to dev
>>
>> While we're on the subject, what exactly does urlscan do? We don't use
>> it here, we generally rely on using cfqueryparam and restricting DSNs.
>> I'm wondering if we should be using it.
>>
>> Thanks
>>
>> Kola
>>
>> >> -----Original Message-----
>> >> From: Snake.Lists [mailto:[EMAIL PROTECTED]
>> >> Sent: 02 April 2003 18:24
>> >> To: [EMAIL PROTECTED]
>> >> Subject: RE: [ cf-dev ] Kinda Hacking but ...
>> >>
>> >> I put a stop to things like a while ago. It did used to be possible tho.
>> >>
>> >> Russ
>> >>
>> >> -----Original Message-----
>> >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> >> Sent: 02 April 2003 17:16
>> >> To: [EMAIL PROTECTED]
>> >> Subject: RE: [ cf-dev ] Kinda Hacking but ...
>> >>
>> >> or how about updating some details, maybe insert a nice new LEA, delete
>> >> those we don't like.
>> >>
>> >> Duncan Cumming
>> >> IT Manager
>> >>
>> >> From: Adrian Lynch <[EMAIL PROTECTED]>
>> >> Sent: 02/04/2003 17:16
>> >> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>> >> cc:
>> >> Subject: RE: [ cf-dev ] Kinda Hacking but ...
>> >> Please respond to dev
>> >>
>> >> Here's hoping it only has SELECT permissions!
>> >>
>> >> -----Original Message-----
>> >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> >> Sent: 02 April 2003 17:12
>> >> To: [EMAIL PROTECTED]
>> >> Subject: Re: [ cf-dev ] Kinda Hacking but ...
>> >>
>> >> well, next step is for some bright spark to stick a "; drop table
>> >> ContentLEAdetails" on there.
>> >>
>> >> Duncan Cumming
>> >> IT Manager
>> >>
>> >> From: Dave Phipps <[EMAIL PROTECTED]>
>> >> Sent: 02/04/2003 16:51
>> >> To: <[EMAIL PROTECTED]>
>> >> cc:
>> >> Subject: Re: [ cf-dev ] Kinda Hacking but ...
>> >> Please respond to dev
>> >>
>> >> I managed to get this to produce more than one record:
>> >>
>> >> http://www.dfes.gov.uk/leagateway/index.cfm?action=address.list&name=15%20OR%20id=2
>> >>
>> >> HTH
>> >>
>> >> Dave
>> >>
>> >> At 11:36 4/2/2003 +0100, you wrote:
>> >> >You obviously don't work in Education .... :)
>> >> >
>> >> >"Stephen Moretti" <[EMAIL PROTECTED]> on 02/04/2003 11:32:58
>> >> >
>> >> >Please respond to [EMAIL PROTECTED]
>> >> >
>> >> >To: [EMAIL PROTECTED]
>> >> >cc: (bcc: Paul Swingewood/Education/BCC)
>> >> >Subject: Re: [ cf-dev ] Kinda Hacking but ...
>> >> >
>> >> >Paul,
>> >> >
>> >> > > This may be kinda hacking but I wonder if anyone can help me out on
>> >> > > this one ....
>> >> > >
>> >> > > I need a list of all the DfES LEAs in the country. (Local Education
>> >> > > Authority)
>> >> > >
>> >> > > The DFES website allows you to show them all in a-z format and then
>> >> > > click on each to get the details. Is there a fast way that I can send
>> >> > > a query or force their code to show them all in one go (Select * from).
>> >> > >
>> >> >
>> >> >How about asking the DfES??
>> >> >
>> >> >Stephen
>> >> >
>> >> >*************************************************************
>> >> >This email and any files transmitted with it are confidential
>> >> >and intended solely for the use of the individual or entity
>> >> >to whom they are addressed. If you have received this email
>> >> >in error please notify [EMAIL PROTECTED]
>> >> >
>> >> >The views expressed within this email are those of the
>> >> >individual, and not necessarily those of the organisation
>> >> >*************************************************************

--
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For human help, e-mail: [EMAIL PROTECTED]
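
The contrast the thread draws between filtering URL characters and using cfqueryparam, as an added example that is not part of the original messages: Python's sqlite3 stands in for ColdFusion, and the bound, type-checked parameter plays the role cfqueryparam plays there. The `lea` table, its rows and the blocklist (the characters recalled in the thread, not URLScan's actual rule set) are constructed for illustration.

```python
import sqlite3

# Characters the thread recalls the URL filter rejecting; a simplification
# for illustration, not URLScan's actual rule set.
BLOCKED_CHARS = set(";.&*")


def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE lea (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO lea VALUES (?, ?)",
        [(1, "Alpha LEA"), (2, "Beta LEA"), (15, "Gamma LEA")],
    )
    return db


def char_filter_allows(value):
    """Blocklist check: True when no blocked character is present."""
    return not (set(value) & BLOCKED_CHARS)


def lookup_concat(db, value):
    """Vulnerable form: the request value becomes part of the SQL text."""
    sql = f"SELECT id, name FROM lea WHERE id = {value} ORDER BY id"
    return db.execute(sql).fetchall()


def lookup_bound(db, value):
    """Hardened form: type-check the value, then pass it as a bound parameter."""
    record_id = int(value)  # raises ValueError for anything but an integer
    sql = "SELECT id, name FROM lea WHERE id = ? ORDER BY id"
    return db.execute(sql, (record_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ("15", "15 OR id=2", "15; drop table lea"):
        print(repr(value), "filter allows:", char_filter_allows(value))
    print("concatenated:", lookup_concat(db, "15 OR id=2"))
    try:
        lookup_bound(db, "15 OR id=2")
    except ValueError as exc:
        print("bound lookup rejected input:", exc)
```

The value quoted in the thread contains none of the blocked characters, so the character filter passes it while the concatenated query returns two rows; the bound, typed lookup rejects it before any SQL runs.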