Comments on: ColdFusion SQL Injection http://www.webapper.com/blog/index.php/2008/07/22/coldfusion-sql-injection/ Web Application Engineers Mon, 05 Dec 2011 17:24:52 +0000 http://wordpress.org/ hourly 1 By: Patrick Quinn http://www.webapper.com/blog/index.php/2008/07/22/coldfusion-sql-injection/comment-page-1/#comment-43058 Patrick Quinn Fri, 24 Jun 2011 13:35:51 +0000 http://www.webapper.net/blog/index.cfm/2008/6/30/ColdFusion-SQL-Injection#comment-43058 Thanks a ton, Mike! Thanks a ton, Mike!

]]> By: Mike Henke http://www.webapper.com/blog/index.php/2008/07/22/coldfusion-sql-injection/comment-page-1/#comment-43025 Mike Henke Fri, 24 Jun 2011 01:39:28 +0000 http://www.webapper.net/blog/index.cfm/2008/6/30/ColdFusion-SQL-Injection#comment-43025 Here is the github repository if anyone has any updates/fixes/enhancements https://github.com/mhenke/WebApper-ColdFusion-SQL-Injection Here is the github repository if anyone has any updates/fixes/enhancements https://github.com/mhenke/WebApper-ColdFusion-SQL-Injection

]]> By: Patrick Quinn http://www.webapper.com/blog/index.php/2008/07/22/coldfusion-sql-injection/comment-page-1/#comment-42951 Patrick Quinn Wed, 22 Jun 2011 19:59:35 +0000 http://www.webapper.net/blog/index.cfm/2008/6/30/ColdFusion-SQL-Injection#comment-42951 That'd be great, Mike. Thanks for the effort. Keep us posted. That’d be great, Mike. Thanks for the effort. Keep us posted.

]]> By: Mike Henke http://www.webapper.com/blog/index.php/2008/07/22/coldfusion-sql-injection/comment-page-1/#comment-42949 Mike Henke Wed, 22 Jun 2011 18:41:53 +0000 http://www.webapper.net/blog/index.cfm/2008/6/30/ColdFusion-SQL-Injection#comment-42949 Patrick - I can throw up something like https://github.com/mhenke/CFML-in-100-minutes with a readme crediting and linking your this post. The repo would have the script for people to grab, tweak, and contribute back. Then if you guys create a github account eventually, I'll fork from yours. Patrick – I can throw up something like https://github.com/mhenke/CFML-in-100-minutes with a readme crediting and linking your this post. The repo would have the script for people to grab, tweak, and contribute back. Then if you guys create a github account eventually, I’ll fork from yours.

]]> By: Patrick Quinn http://www.webapper.com/blog/index.php/2008/07/22/coldfusion-sql-injection/comment-page-1/#comment-42946 Patrick Quinn Wed, 22 Jun 2011 17:51:47 +0000 http://www.webapper.net/blog/index.cfm/2008/6/30/ColdFusion-SQL-Injection#comment-42946 Hey Mike. That's a good thought, but, in all honesty I'm not sure we'd have time to give proper attention to an open source project right now. It's great to be <em>this</em> busy! Hey Mike. That’s a good thought, but, in all honesty I’m not sure we’d have time to give proper attention to an open source project right now. It’s great to be this busy!

]]> By: Mike Henke http://www.webapper.com/blog/index.php/2008/07/22/coldfusion-sql-injection/comment-page-1/#comment-42906 Mike Henke Wed, 22 Jun 2011 02:14:24 +0000 http://www.webapper.net/blog/index.cfm/2008/6/30/ColdFusion-SQL-Injection#comment-42906 Have you thought of placing this on github for people to help with? Have you thought of placing this on github for people to help with?

]]> By: Patrick Quinn http://www.webapper.com/blog/index.php/2008/07/22/coldfusion-sql-injection/comment-page-1/#comment-26895 Patrick Quinn Sun, 24 Oct 2010 17:55:52 +0000 http://www.webapper.net/blog/index.cfm/2008/6/30/ColdFusion-SQL-Injection#comment-26895 Sure thing, Peter! Sure thing, Peter!

]]> By: buy kinect http://www.webapper.com/blog/index.php/2008/07/22/coldfusion-sql-injection/comment-page-1/#comment-26868 buy kinect Sun, 24 Oct 2010 09:50:54 +0000 http://www.webapper.net/blog/index.cfm/2008/6/30/ColdFusion-SQL-Injection#comment-26868 Hello, I have a inquiry for the webmaster/admin here at www.webapper.com. May I use part of the information from this blog post above if I give a backlink back to this site? Thanks, Peter Hello,

I have a inquiry for the webmaster/admin here at http://www.webapper.com.

May I use part of the information from this blog post above if I give a backlink back to this site?

Thanks,
Peter

]]> By: Clement Huge http://www.webapper.com/blog/index.php/2008/07/22/coldfusion-sql-injection/comment-page-1/#comment-22838 Clement Huge Mon, 28 Jun 2010 18:41:31 +0000 http://www.webapper.net/blog/index.cfm/2008/6/30/ColdFusion-SQL-Injection#comment-22838 As a DBA, I still believe you should lean your SQL code towards the use of stored procedures. This way, you will be able to separate your application tier from your database tier. Also, Sql server will reuse compiled plans and will also check for the data type integrity of the parameters. Finally it will remove the dynamic sql that makes the sql injection you fear about. As a DBA, I still believe you should lean your SQL code towards the use of stored procedures. This way, you will be able to separate your application tier from your database tier.
Also, Sql server will reuse compiled plans and will also check for the data type integrity of the parameters.
Finally it will remove the dynamic sql that makes the sql injection you fear about.

]]> By: Shannon Hicks http://www.webapper.com/blog/index.php/2008/07/22/coldfusion-sql-injection/comment-page-1/#comment-6860 Shannon Hicks Tue, 21 Jul 2009 20:38:02 +0000 http://www.webapper.net/blog/index.cfm/2008/6/30/ColdFusion-SQL-Injection#comment-6860 I just checked, and it seems to work. Just remove the .html to make it into a cfm file. I just checked, and it seems to work. Just remove the .html to make it into a cfm file.

]]>