Operation cf_SQLProtect: 16,000 cfqueries protected
Posted by Brad Wood, Aug 01, 2008 06:25:00 UTC
I have confirmed at least 16,000 individual cfquery tags which have been protected from SQL injection vulnerabilities by having cfqueryparam added to them. I am confident the actual number is much, much higher due to the small number of people who actually contacted me. I'd say it was a success, but it doesn't end here. If you are changing and adding to your code base, you should always be checking for missing cfqueryparams. If you fixed up queries in your app and forgot to give me a count of how many database calls you secured, go ahead and let me know so I can add it to the total.
Brian
I had already secured the site I inherited some time ago, but this tool helped me find a few I missed.
Thank you very much!