September 20, 2008

SQL Injection Defense

Dragonsaber, KimEngYeo.com and Frommer's have been protected against SQL injection attacks. For more details on implementing the fix, please read the paragraph below by ColdFusion guru, Ben Forta.

SQL Injection Attacks, Easy To Prevent, But Apparently Still Ignored
I was just on a web site (no, not a ColdFusion powered site, and no I will not name names) browsing for specific content. The URLs used typical name=value query string conventions, and so I changed the value to jump to the page I wanted. And I made a typo and added a character to the numeric value. The result? An invalid SQL error message. Read more.
Ben Forta
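The scenario Ben describes, a numeric id taken from the query string and pasted straight into the SQL, and the fix applied to the sites above (validate the value, then bind it as a parameter instead of concatenating it) is shown below as an added example. It is not Ben Forta's code or code from any of the sites named; it uses Python with an in-memory SQLite database and a constructed pages/users schema because that runs anywhere, but the principle is exactly what the ColdFusion cfqueryparam tag does: the value travels to the database as typed data, never as SQL text.

```python
import sqlite3


def make_db():
    """Constructed sample database (not from the original page): a public
    pages table and a users table an attacker would like to read."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO pages VALUES (?, ?, ?)",
        [(1, "Home", "public"), (2, "About", "public"), (3, "Admin notes", "secret")],
    )
    conn.execute("CREATE TABLE users (name TEXT, pwhash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'deadbeef')")
    return conn


def get_page_vulnerable(conn, raw_id):
    """The pattern Ben hit: the query-string value is concatenated into SQL.
    A stray character gives the database a syntax error (leaking that the
    value is unfiltered); a crafted value rewrites the query."""
    sql = "SELECT title, body FROM pages WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def get_page_safe(conn, raw_id):
    """The fix: check the type first, then bind the value as a parameter so the
    SQL text is fixed and the value can only ever be compared against id."""
    try:
        page_id = int(raw_id)
    except ValueError:
        # Reject bad input ourselves rather than letting the database complain.
        raise ValueError("page id must be an integer") from None
    return conn.execute(
        "SELECT title, body FROM pages WHERE id = ?", (page_id,)
    ).fetchall()


def run_demo():
    """Run both versions on a normal id, Ben's typo, and a real injection.
    Returns {(implementation, case): rows or exception class name}."""
    conn = make_db()
    cases = [
        ("ok", "2"),                                        # what the site expects
        ("typo", "2x"),                                     # the extra character
        ("inject", "0 UNION SELECT name, pwhash FROM users"),  # constructed attack
    ]
    results = {}
    for label, raw in cases:
        for impl, fn in (("vulnerable", get_page_vulnerable), ("safe", get_page_safe)):
            try:
                results[(impl, label)] = fn(conn, raw)
            except (sqlite3.Error, ValueError) as exc:
                results[(impl, label)] = type(exc).__name__
    return results


if __name__ == "__main__":
    for key, value in sorted(run_demo().items()):
        print(key, "->", value)
```

Running it shows the three outcomes side by side: the concatenating version returns the About page for "2", throws an OperationalError for "2x" (the database-level error message Ben saw on that site), and for the UNION payload returns the users row instead of a page. The parameterised version returns the same About page for "2" and rejects both bad inputs before any SQL is built. Type validation alone is not the whole fix; the binding is what matters, because string columns cannot be validated away in the same manner, but the two together are what the sites above now do for every query-string value.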

