This week <cfqueryparam> dominated the discussion due to the SQL injection attacks that targeted ColdFusion sites. Sites that passed user input through <cfqueryparam> were safe; sites that concatenated that input straight into their SQL strings were not. If you haven't taken the time to get to know <cfqueryparam>, now is the time.
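As an added illustration (not code from any of the posts linked below), here is the injectable pattern beside its parameterized form. The datasource name `exampleDSN`, the `products` table and its columns are assumed for the example.

```cfml
<!--- Added example, not from the original post. Assumes a datasource "exampleDSN"
      and a table products(id, name, price). --->

<!--- VULNERABLE: URL.id is pasted straight into the SQL text, so a request such as
      ?id=1 OR 1=1 (or one that appends a second statement) rewrites the query itself. --->
<cfquery name="getProductBad" datasource="exampleDSN">
    SELECT id, name, price
    FROM products
    WHERE id = #URL.id#
</cfquery>

<!--- SAFE: the value is sent to the database as a bound parameter and can never become SQL.
      cfsqltype also type-checks it: a non-integer id is rejected before the query is sent. --->
<cfquery name="getProductGood" datasource="exampleDSN">
    SELECT id, name, price
    FROM products
    WHERE id = <cfqueryparam value="#URL.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Strings: bind as varchar; maxlength rejects oversized input before it reaches the database. --->
<cfquery name="searchProducts" datasource="exampleDSN">
    SELECT id, name, price
    FROM products
    WHERE name LIKE <cfqueryparam value="%#URL.q#%" cfsqltype="cf_sql_varchar" maxlength="100">
</cfquery>

<!--- IN clauses: list="true" expands a comma-separated value into one bound parameter per element. --->
<cfquery name="getSeveral" datasource="exampleDSN">
    SELECT id, name, price
    FROM products
    WHERE id IN (<cfqueryparam value="#URL.ids#" cfsqltype="cf_sql_integer" list="true">)
</cfquery>

<!--- Sorting: cfqueryparam binds values, not identifiers, so an ORDER BY column cannot be
      parameterized. Check the requested column against an allowlist instead (assumed columns). --->
<cfset allowedSortColumns = "name,price,id">
<cfset sortColumn = "name">
<cfif listFindNoCase(allowedSortColumns, URL.sort)>
    <cfset sortColumn = URL.sort>
</cfif>
<cfquery name="getSorted" datasource="exampleDSN">
    SELECT id, name, price
    FROM products
    ORDER BY #sortColumn#
</cfquery>
```

The type check is the part people tend to underrate: with `cf_sql_integer`, a payload that is not a number never reaches the database at all, which is why a site built on <cfqueryparam> shrugs off the string-concatenation attacks described above. The allowlist in the last query is the one place this approach does not apply, since column names are part of the query text rather than values.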
A lot of great entries were written on <cfqueryparam> this week, so I chose a few of the ones I thought most helpful, alongside the rest of the week's notable posts.
- Thread safety and the var scope - live example (Mike Schierberl, July 21)
- ColdFusion String is a Java String (Anuj Gakhar, July 23)
- ColdFusion 9 - What We Know (so far) (Brian Rinaldi, July 23)
- Setting up a dev environment (Justice, July )
- SQL Injection Part III - Don't Forget Sorting (Mark Kruger, July 21)
- Combining SQL Query Strings and CFQUERYPARAM (Mark Kruger, July 21)
- QueryParam Scanner- You've got no excuse now (Brad Wood, July 22)
- ASCII / Cast() Attacks (John Mason, July 22)
- Using Eclipse to find queries that aren't using <cfqueryparam /> (Dan Switzer, July 23)
- Use CFQUERYPARAM!! (Jared Rypka-Hauer, July 23)
- Mastering CFQUERYPARAM (Pete Freitag, July 24)
- cfqueryparam: it's not just for security-- also, when NOT to use it (Brad Wood, July 26)
- Adding Cfqueryparams to a Legacy Site Without Losing Your Hair (Mark Kruger, July 26)