
A Few Thoughts

Well, it would seem the new release of WhosOnCFC has gone off without a hitch. I have not had a torrent of bug reports coming in, so I assume the code is fairly stable.

With the flood of SQL injection attacks aimed at ColdFusion recently, security has been a major concern of mine. I have had several people voice concerns about not using CFQueryParam in the component. Since WhosOnCFC runs completely independently of databases, I do not see this being a huge issue. The core of the component is an array of structures, which has a function to convert the stored information into a query on the fly.

I was speaking to Joshua about security concerns this morning and he did bring up one possible exploit that could be used, but it is something I have never seen before. I intend to get this patched up quickly and I will release the details once it is done.
