I have a SQL 2012 DB that is getting attacked via SQL injection daily.
I'll probably need to switch hosting companies, but before I do I wanted to see if I could prevent it.
So the site is older and has thousands of cfm pages with thousands of queries.
I am going through and adding the cfqueryparam tags when I can, but it will take a while.
The attack is always the same.
They attack the same 2 tables and the same fields.
The attacked field type is nvarchar(255).
They insert things like www.cialis.............. or www.paydayloans.....
My site doesn't have any SQL update queries in it.
So is there a way to prevent any database updates via SQL query update statement in the application.cfm?
Something like: if the query string contains update, don't do the SQL update?
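For the cfqueryparam clean-up mentioned in the post, the following added example (not part of the original post) lists every cfquery whose SQL text still interpolates a `#expression#` outside a cfqueryparam tag, so the riskiest pages can be fixed first. It is a regex heuristic, and the sample page, table and variable names are hypothetical.

```python
import os
import re
import sys

# <cfquery ...> body </cfquery>; \b keeps <cfqueryparam> from matching here.
CFQUERY_RE = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery\s*>", re.I | re.S)
CFQUERYPARAM_RE = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
CFCOMMENT_RE = re.compile(r"<!---.*?--->", re.S)
HASH_EXPR_RE = re.compile(r"#([^#\r\n]+)#")

# Constructed sample page; table and variable names are hypothetical.
SAMPLE = '''<cfquery name="getItem" datasource="#application.dsn#">
  SELECT title FROM items WHERE id = #url.id#
</cfquery>
<cfquery name="search" datasource="#application.dsn#">
  SELECT title FROM items
  WHERE category = <cfqueryparam value="#form.cat#" cfsqltype="cf_sql_varchar">
    AND title LIKE '%#form.q#%'
</cfquery>
'''

def find_unparameterized(source):
    """Return [(line, [expr, ...])] for each cfquery with raw #expr# in its SQL."""
    findings = []
    for m in CFQUERY_RE.finditer(source):
        # Drop CFML comments and escaped '##' (a literal '#').
        body = CFCOMMENT_RE.sub("", m.group(1)).replace("##", "")
        body = CFQUERYPARAM_RE.sub("", body)  # values bound here are fine
        raw = [e.strip() for e in HASH_EXPR_RE.findall(body)]
        if raw:
            findings.append((source.count("\n", 0, m.start()) + 1, raw))
    return findings

def scan_tree(root):
    """Walk root and return {path: findings} for .cfm/.cfc files with hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".cfm", ".cfc")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_unparameterized(fh.read())
                if hits:
                    report[path] = hits
    return report

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in sorted(scan_tree(root).items()):
        for line, exprs in hits:
            print(f"{path}:{line}: {', '.join(exprs)}")
```

Every hit is a review item rather than a confirmed injection point: expressions that never carry request data are reported too.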