[ACFUG Discuss] for application or session scoped variables

Sam Singer Wed, 06 Aug 2008 09:42:22 -0700

I'm using QueryParam Scanner to identify any potentialvulnerabilities. It is flagging code that uses application or sessionscoped variables such as:


 WHERE
        DeptID = #Application.DeptID#
        ORDER BY Lastname


Should Application.DeptID  be cfqueryparamed?  What about:
WHERE
PersonID = #GetAuthUser()#

Thanks,
Sam



-------------------------------------------------------------

To unsubscribe from this list, manage your profile @http://www.acfug.org?fa=login.edituserform


For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------

[ACFUG Discuss] for application or session scoped variables

Reply via email to