Dragonsaber, KimEngYeo.com and Frommer's have been protected against SQL injection attacks. For more details on implmenting the fix, please read the paragraph below by ColdFusion guru, Ben Forta.
SQL Injection Attacks, Easy To Prevent, But Apparently Still Ignored
I was just on a web site (no, not a ColdFusion powered site, and no I will not name names) browsing for specific content. The URLs used typical name=value query string conventions, and so I changed the value to jump to the page I wanted. And I made a typo and added a character to the numeric value. The result? An invalid SQL error message. Read more.
Ben Forta
Forta.com
September 20, 2008
SQL Injection Defense
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment