The recent injection attacks seen against ColdFusion-coded sites take advantage of vulnerabilities in improperly coded sites, where user input is concatenated straight into the SQL text. These attacks can be mitigated by using cfqueryparam within your cfquery statements. This tag forces the input to be of a specified SQL type, eliminating the possibility of a malicious user entering SQL statements through that input.

Below are some steps that will help you protect your ColdFusion code from SQL injection:

Note: Use cfqueryparam whenever you process dynamic data from a form or URL.

<cfqueryparam value="#URL.data#" cfsqltype="cf_sql_integer">

The above example takes data from the URL and verifies that the value is an integer (note the closing # around the variable, which is required for ColdFusion to evaluate it). If it is not an integer, ColdFusion will display an error message instead of running the query.
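As an added example (not code from the original post), here is an unparameterized query beside the hardened form the post recommends; the datasource name, the products table and its columns are assumptions.

```cfml
<!--- Added example, not from the original post. Assumes a datasource
      "shopDSN" and a table "products" with columns id (integer),
      name (varchar) and price (decimal). --->

<!--- VULNERABLE: URL.id is pasted straight into the SQL text, so whatever
      the user supplies becomes part of the statement the database runs. --->
<cfquery name="getProductUnsafe" datasource="shopDSN">
    SELECT id, name, price
    FROM products
    WHERE id = #URL.id#
</cfquery>

<!--- HARDENED: cfparam rejects a non-integer before any query runs, and
      cfqueryparam sends the value to the database as a typed bind
      parameter rather than as part of the statement text. --->
<cfparam name="URL.id" type="integer" default="0">

<cfquery name="getProduct" datasource="shopDSN">
    SELECT id, name, price
    FROM products
    WHERE id = <cfqueryparam value="#URL.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- The same pattern for a string search term posted from a form.
      maxlength caps the length before it reaches the database, and the
      LIKE wildcards are part of the bound value, not of the SQL text. --->
<cfparam name="FORM.term" type="string" default="">

<cfquery name="searchProducts" datasource="shopDSN">
    SELECT id, name, price
    FROM products
    WHERE name LIKE <cfqueryparam value="%#FORM.term#%"
                                  cfsqltype="cf_sql_varchar"
                                  maxlength="100">
</cfquery>

<cfoutput query="getProduct">
    #id#: #name# (#price#)
</cfoutput>
```

Because the bound value never becomes SQL text, a quote or semicolon in URL.id or FORM.term is stored and compared as data, which is the whole point of the tag.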
