Home | Projects | Downloads | Contact Me | SQL Injection Attacks

A Few Thoughts

Posted At : July 29, 2008 5:00 PM | Posted By : Shane Zehnder
Related Categories: WhosOnCFC,Coldfusion,Development

Well, it would seem the new release of WhosOnCFC has went off without a hitch. I have not had a torrent of bug reports coming in so I assume the code is fairly stable.

With the flood of SQL injection attacks aimed at ColdFusion recently, security has been a major concern of mine. I have had several voice concerns of not using CFQueryParam in the component. Since WhosOnCFC runs completely independent of databases I do not see this being a huge issue. The core of the component is an array of structures which has a function to convert the stored information into a query on the fly.

I was speaking to Joshua about security concerns this morning and he did bring up one possible exploit that could be used, but it is something I have never seen before. I intend on getting this patched up quickly and I will release the details once it is done.

Send |

Digg It! |

Linking Blogs | 305 Views

Comments

There are no comments for this entry.

[Add Comment]

WhosOnCFC

Users Online: 2
Most users since reset: 12
10/11/08 at 5:58:43 AM
This version: 2.2.1.1

Search

Calendar

Archives By Subject

Adobe (2) [RSS]
Adobe AIR (1) [RSS]
BlogCFC (24) [RSS]
Blogging (19) [RSS]
CFEclipse (4) [RSS]
Coldfusion (71) [RSS]
Development (57) [RSS]
ExplorerG3 (3) [RSS]
Galleon Forums (1) [RSS]
General (21) [RSS]
IT (5) [RSS]
jQuery (3) [RSS]
Lighthouse Pro (2) [RSS]
Linux (2) [RSS]
Live Writer (3) [RSS]
Model-Glue (2) [RSS]
Off Topic (8) [RSS]
Rants (8) [RSS]
Rapid Application Development (1) [RSS]
Transfer ORM (6) [RSS]
TV/Movies (1) [RSS]
Warcraft (1) [RSS]
WhosOn (10) [RSS]
WhosOnCFC (54) [RSS]
WhosOnCFCStats (21) [RSS]

RSS

Recent Comments

Using jQuery to Scroll to the bottom of an Element
Nik said: great work man. Works like a charm! [More]

CFLayout and IE weirdness
Guy Sagy said: Many thanks !!! Help me a lot. [More]

Using jQuery to Scroll to the bottom of an Element
Oscar said: Good tutorial, in this case 1 line is more valuable than 10. I'm a jQuery fan so in my current proje... [More]

WhosOnCFCDB 0.90b Available on RIAForge
Shane Zehnder said: Woops.. Guess in my haste to get it out to testers I forgot to include the installation instruction... [More]

WhosOnCFCDB 0.90b Available on RIAForge
Jeff said: Looked at the demo. Peaked my interest. Looks good. Are there any installation instructions to add ... [More]

Layout: Shane Zehnder ::: BlogCFC was created by Raymond Camden. ::: This blog is running version 5.9.