Application & Database Security (cf.Objective(), Daryl Banttari)
Some helpful tips for keeping security at a high level:
- Replace the “<” character in input values.
- Use minimal database permissions for all queries, possibly with separate accounts for select queries versus inserts/updates.
- Use stored procedures when possible. Injection is more difficult in a call to a stored procedure than in a normal query.
- Secure both front end and back end.
- Needless to say, use cfqueryparam within a cfquery. Even with cf_sql_varchar, the value is bound as a parameter, so a SQL statement inside it cannot be executed.
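The tips above in ColdFusion code, as an added example that is not from the presentation: a cfquery that concatenates input beside the cfqueryparam version, a cfstoredproc call, and escaping of “<” on output. The datasource name, table and column names, and the procedure name are assumptions.

```cfml
<!--- Added example, not code from the original page. The datasource
      "myDSN", table "users" and procedure "usp_GetUserByName" are
      hypothetical; "myDSN" is assumed to be configured with a
      least-privilege database account (SELECT/EXECUTE only). --->

<!--- VULNERABLE: the value is concatenated into the SQL text, so a
      single quote in url.username ends the string literal and whatever
      follows is parsed as SQL. --->
<cfquery name="getUser" datasource="myDSN">
    SELECT id, username FROM users
    WHERE username = '#url.username#'
</cfquery>

<!--- HARDENED: cfqueryparam sends the value as a typed bind parameter.
      Even as cf_sql_varchar it stays data and is never executed;
      maxlength rejects oversized input before it reaches the database. --->
<cfquery name="getUser" datasource="myDSN">
    SELECT id, username FROM users
    WHERE username = <cfqueryparam value="#url.username#"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="50">
</cfquery>

<!--- Stored procedure: the input only travels as a bound procedure
      parameter, and the datasource account needs EXECUTE on the
      procedure rather than SELECT on the underlying table. --->
<cfstoredproc procedure="usp_GetUserByName" datasource="myDSN">
    <cfprocparam type="in" cfsqltype="cf_sql_varchar"
                 value="#url.username#" maxlength="50">
    <cfprocresult name="getUser">
</cfstoredproc>

<!--- Output: encode "<" (and the other HTML metacharacters) when the
      value is rendered, so stored input cannot become markup or script.
      encodeForHTML() is ColdFusion 10+; older releases use
      HTMLEditFormat(). --->
<cfoutput query="getUser">
    #encodeForHTML(username)#<br>
</cfoutput>
```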