Devnet Article on Securing CF From SQL Injection

I was just reading through this article on Adobe Devnet titled "Secure your ColdFusion application against SQL injection attacks", and I have a few issues with the article.


Detecting SQL Injection with ScriptProtect

It occurred to me this morning that ScriptProtect can be a handy feature for globally catching a few forms of SQL Injection Attacks

WARNING - just like its inability to protect against all forms of XSS attacks, this solution DOES NOT protect you from all SQL Injection attacks.


ScriptProtect in ColdFusion MX 7 not a catch all

ColdFusion MX 7 has a new feature that "lets you protect one or more variable scopes from cross site scripting (XSS) attacks". It can be turned on in the cfapplication tag using the scriptProtect attribute, or in the ColdFusion Administrator as a global setting.



did you hack my cf?