I've considered this. I am not sure how Stored Procs handle the parameters. Aren't Stored Procs still using SQL statements in the end?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Sorge
Sent: Thursday, May 29, 2003 10:11 AM
To: [EMAIL PROTECTED]
Subject: Re: SQL Injection

How about using only Stored Procedures?

----- Original Message -----
From: "derek bumpas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 29, 2003 10:02 AM
Subject: SQL Injection

>
> Hi all,
>
> I would like to know how most of you are protecting against malicious
> users and checking for various attacks. I am most interested in
> protecting against SQL Injection. Most of the examples and code
> snippets that I have seen on both Macromedia and other sites don't
> seem to have ANY protection against this type of attack.
>
> The CFQUERYPARAM tag can help if used correctly, but what are some
> other techniques being used?
>
> Thanks,
> derek
>
> -----------------------------------------------
> To post, send email to [EMAIL PROTECTED]
> To unsubscribe:
> Send UNSUBSCRIBE to [EMAIL PROTECTED]
> To subscribe / unsubscribe: http://www.dfwcfug.org
