Operation cf_SQLProtect: 16,000 cfqueries protected

I have confirmed at least 16,000 individual cfquery tags which have been protected from SQL injection vulnerabilities by having cfqueryparam added to them.

I am confident the actual number is much, much higher due to the small number of people who actually contacted me. I'd say it was a success, but it doesn't end here. If you are changing and adding to your code base, you should always be checking for missing cfqueryparams. If you fixed up queries in your app and forgot to give me a count of how many database calls you secured, go ahead and let me know so I can add it to the total.
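One way to keep checking for missing cfqueryparams as the code base changes, as an added example (not the author's tool or code from this blog): a small Python scanner that reports each cfquery whose SQL body still interpolates a `#expression#` outside a cfqueryparam tag. The function name and the CFML sample are constructed for illustration.

```python
import re

# One <cfquery ...>body</cfquery> block; CFML tag names are case-insensitive.
CFQUERY = re.compile(r"<cfquery\b([^>]*)>(.*?)</cfquery\s*>", re.I | re.S)
CFQUERYPARAM = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
CF_COMMENT = re.compile(r"<!---.*?--->", re.S)
NAME_ATTR = re.compile(r"""\bname\s*=\s*["']?([\w.]+)""", re.I)
EXPRESSION = re.compile(r"#[^#\r\n]+#")

def find_unparameterized(source):
    """Return (line, query_name, [expressions]) for every cfquery whose body
    interpolates a #expression# that is not inside a cfqueryparam tag."""
    findings = []
    for match in CFQUERY.finditer(source):
        attrs, body = match.group(1), match.group(2)
        body = CF_COMMENT.sub("", body)      # ignore commented-out SQL
        body = CFQUERYPARAM.sub("", body)    # values bound here are parameters
        body = body.replace("##", "")        # '##' is an escaped literal '#'
        exprs = EXPRESSION.findall(body)
        if exprs:
            name = NAME_ATTR.search(attrs)
            line = source.count("\n", 0, match.start()) + 1
            findings.append((line, name.group(1) if name else "(unnamed)", exprs))
    return findings

# Constructed sample: one unprotected query, one protected, one mixed.
SAMPLE = '''<cfquery name="getUser" datasource="#application.dsn#">
  SELECT id, email FROM users
  WHERE id = #url.id#
</cfquery>

<cfquery name="getUserSafe" datasource="#application.dsn#">
  SELECT id, email FROM users
  WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<CFQUERY NAME="search" DATASOURCE="#application.dsn#">
  SELECT id FROM posts
  WHERE title LIKE <cfqueryparam value="%#form.q#%" cfsqltype="cf_sql_varchar">
  AND author = '#form.author#' AND tag = '##cf'
</CFQUERY>
'''

if __name__ == "__main__":
    for line, name, exprs in find_unparameterized(SAMPLE):
        print(f"line {line}: cfquery '{name}' interpolates {', '.join(exprs)}")
```

Findings are candidates for review: an expression used as a table or column name cannot be bound with cfqueryparam and needs validation against a fixed list instead.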

Comments
I had already secured the site I inherited some time ago, but this tool helped me find a few I missed.

Thank you very much!
# Posted By Brian | 8/7/08 9:08 AM

