I received a few error e-mails early this morning from someone trying to hack my Web site. Oddly enough, they were attempting to do so through the RSS feed by overloading the dynamic query parameters. Anyone familiar with BlogCFC will know you can subscribe to category-specific feeds. This allows blog aggregators to send in a UUID for the category and retrieve only relevant posts. This morning someone attempted to overload the category query param in an effort to retrieve other information from my database. Ray Camden, being the good programmer and security proponent he is, stopped the attempt with judicious use of the CFQUERYPARAM tag. The tag saw the extra parameters tacked onto the category UUID and immediately threw an exception (which I received via e-mail).
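To make the point concrete, here is an added CFML example (mine, not BlogCFC's own code) showing the unsafe way of filtering a feed by category beside the CFQUERYPARAM version described above. The table name tblblogcategories, its columns, and the datasource name blogdsn are assumptions for illustration.

```cfml
<!--- Constructed example, not BlogCFC's own code. Assumes a table "tblblogcategories"
      with columns categoryid (35-character ColdFusion UUID) and categoryname, and a
      datasource named "blogdsn". The category id arrives as url.catid. --->

<!--- Unsafe: the URL value is concatenated straight into the SQL text, so anything
      tacked onto the UUID becomes part of the statement the database executes. --->
<cfquery name="getCategoryUnsafe" datasource="blogdsn">
    SELECT categoryid, categoryname
    FROM   tblblogcategories
    WHERE  categoryid = '#url.catid#'
</cfquery>

<!--- Hardened: reject anything that is not a ColdFusion UUID before touching the
      database, then bind the value as a typed, length-limited query parameter. --->
<cftry>
    <cfif NOT isValid("uuid", url.catid)>
        <cfthrow type="InvalidCategoryId"
                 message="Category id must be a ColdFusion UUID, got #len(url.catid)# characters">
    </cfif>

    <cfquery name="getCategory" datasource="blogdsn">
        SELECT categoryid, categoryname
        FROM   tblblogcategories
        WHERE  categoryid = <cfqueryparam value="#url.catid#"
                                          cfsqltype="cf_sql_varchar"
                                          maxlength="35">
    </cfquery>

    <cfcatch type="any">
        <!--- Record the rejected request so repeated attempts are visible, then let
              the site's normal error handler (e-mail, in this case) take over. --->
        <cflog file="blogsecurity"
               type="warning"
               text="Rejected category id from #cgi.remote_addr#: #cfcatch.message#">
        <cfrethrow>
    </cfcatch>
</cftry>
```

Because the value is bound as a parameter rather than spliced into the SQL string, the database never interprets it as part of the statement, so injection is prevented whether or not an exception is raised. The maxlength attribute and the isValid check are what turn an oversized or malformed value into an error you can log and be alerted to, which is the behaviour the post describes.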
So, thanks to Ray for always pushing Web site security and for utilizing security mechanisms in the software he builds.
About this post:
This entry was posted by Aaron West on December 10, 2006 at 2:27 PM. It was filed in the following categories: ColdFusion. It has been viewed 2475 times and has 6 comments.