Cfqueryparam or cfstoredproc will naturally prevent this, but you should also be logging these attack attempts to monitor the activity. Portcullis (portcullis.riaforge.org), a cfc filter, can do this. An even better option is to implement a web application firewall.
John Mason
[EMAIL PROTECTED]
770.337.8363
www.FusionLink.com - ColdFusion and Flex hosting
Now offering VPS Plans running with VMware technology
Now offering ColdFusion 8 Enterprise hosting
FREE Subversion hosting

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Knudsen
Sent: Monday, July 21, 2008 1:46 PM
To: [email protected]
Subject: [ACFUG Discuss] Re: SQL injection in the recent news again

http://www.cfwhisperer.com/post.cfm/urgent-sql-injection-attack-vulnerability

DK

--
Douglas Knudsen
http://www.cubicleman.com
this is my signature, like it?

-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink <http://www.fusionlink.com>
-------------------------------------------------------------
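
The two points in the reply above (bind input with cfqueryparam, and log rejected input so the activity can be monitored) can be combined in one template. This is an added example, not part of the original message; the datasource `appDSN`, the table `products`, and the log file name `sqli_attempts` are assumed names.

```cfml
<!--- Added example. Assumed names: datasource "appDSN", table "products",
      log file "sqli_attempts". --->
<cfparam name="url.id" default="">

<!--- Unsafe form, shown only for contrast: the URL value becomes part of the SQL text.
<cfquery name="getProduct" datasource="appDSN">
    SELECT id, name FROM products WHERE id = #url.id#
</cfquery>
--->

<!--- Validate first so a bad value is recorded instead of silently failing.
      The value is truncated and URL-encoded before logging so that control
      characters in the input cannot forge extra log lines. --->
<cfif NOT isValid("integer", url.id)>
    <cflog file="sqli_attempts"
           type="warning"
           text="Rejected non-integer id from #cgi.remote_addr# on #cgi.script_name#: #urlEncodedFormat(left(url.id, 200))#">
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- Safe form: the value is sent as a typed bind parameter, never as SQL text. --->
<cfquery name="getProduct" datasource="appDSN">
    SELECT id, name
    FROM products
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<cfoutput query="getProduct">
    #encodeForHTML(getProduct.name)#
</cfoutput>
```

`encodeForHTML` requires ColdFusion 10 or later; on the ColdFusion 8 servers mentioned in this thread, `htmlEditFormat` is the available equivalent.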
