RE: *****SPAM***** RE: [cfaussie] CF 11 and SQL injection

2015-05-27 Thread Charlie Arehart
: cfaussie@googlegroups.com Subject: *SPAM* RE: [cfaussie] CF 11 and SQL injection Thanks Charlie. Interesting only your replies come through maked as spam. I have had other replies to this question from other users with no issues. Maybe your mail client thinks I work for Microsoft

RE: [cfaussie] CF 11 and SQL injection

2015-05-27 Thread Brian Knott
ehart" Sent: Thursday, 28 May 2015 2:31 AM To: cfaussie@googlegroups.com Subject: RE: [cfaussie] CF 11 and SQL injection No, that’s one of the problems with relying on cfqueryparam for sql injection. To be clear, this is NOT its job. People rely on it basically as a hack. It only works wh

RE: [cfaussie] CF 11 and SQL injection

2015-05-27 Thread Charlie Arehart
No, that’s one of the problems with relying on cfqueryparam for sql injection. To be clear, this is NOT its job. People rely on it basically as a hack. It only works when you set the type to something like CF_SQL_INTEGER, because the incoming value is supposed to be a number, in which case it th

Re: [cfaussie] CF 11 and SQL injection

2015-05-26 Thread Tim Donovan
to pass any SQl injection test. > > Brian > > > > -- > *From*: "Ricardo Russon" > *Sent*: Wednesday, 27 May 2015 7:53 AM > > *To*: cfaussie@googlegroups.com > *Subject*: Re: [cfaussie] CF 11 and SQL injection > > If you

Re: [cfaussie] CF 11 and SQL injection

2015-05-26 Thread Brian Knott
: cfaussie@googlegroups.com Subject: Re: [cfaussie] CF 11 and SQL injection If you aren't on a windows box, then you can also look into fail2ban. On Wed, May 27, 2015 at 7:45 AM, M@ Bourke wrote: You should also use the OWASP library which I believe is included in later versions of

Re: [cfaussie] CF 11 and SQL injection

2015-05-26 Thread Ricardo Russon
>> *From*: "Ricardo Russon" >> *Sent*: Tuesday, 26 May 2015 7:53 PM >> *To*: cfaussie@googlegroups.com >> *Subject*: Re: [cfaussie] CF 11 and SQL injection >> >> cfqueryparam? >> >> Is there something more specific y

Re: [cfaussie] CF 11 and SQL injection

2015-05-26 Thread M@ Bourke
eryparam the only measure thatis currently recommended/ > > Brian > > > > -- > *From*: "Ricardo Russon" > *Sent*: Tuesday, 26 May 2015 7:53 PM > *To*: cfaussie@googlegroups.com > *Subject*: Re: [cfaussie] CF 11 and SQL injection > &g

Re: [cfaussie] CF 11 and SQL injection

2015-05-26 Thread Brian Knott
ubject: Re: [cfaussie] CF 11 and SQL injection cfqueryparam? Is there something more specific you are having an issue with? On Tue, May 26, 2015 at 7:33 PM, Brian Knott wrote: Guys what’s the best way to handle SQL injection in CF 11. Brian -- You received this message b

Re: [cfaussie] CF 11 and SQL injection

2015-05-26 Thread Ricardo Russon
cfqueryparam? Is there something more specific you are having an issue with? On Tue, May 26, 2015 at 7:33 PM, Brian Knott wrote: > Guys what’s the best way to handle SQL injection in CF 11. > > > > Brian > > -- > You received this message because you are subscribed to the Google Groups > "cfaus