You will use cfqueryparam... or else!

A friend, who prefers to remain anonymous, pinged me today to ask what my favorite cfqueryparam scanner was. I don't actually use one, but when I asked him why he wanted one, I was a bit surprised by his answer.

My friend does hosting, but it's not his primary business. He has decided that he is going to begin a policy of scanning all the files on his system for ColdFusion queries without cfqueryparam. He will then send emails out to all developers who have failed to properly use cfqueryparam. If the code isn't updated in two weeks, the server will be disconnected.

What do people think about this? Too draconian? Should a host be scanning for 'trouble' code at all?
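For a sense of what such a scan involves, here is a small sketch in Python (an added example, not code from this post or from any existing cfqueryparam scanner). It reports every `#expression#` that sits directly in the SQL text of a tag-based `<cfquery>`; the function name and the sample template are made up for illustration.

```python
import re

# <cfquery ...> body </cfquery>; the body may span many lines.
CFQUERY = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery\s*>", re.I | re.S)
CFCOMMENT = re.compile(r"<!---.*?--->", re.S)
# Any CFML tag nested in the query (cfqueryparam, cfif, cfloop, ...): an
# expression inside a tag's attributes is not emitted as raw SQL text.
CFTAG = re.compile(r"</?cf\w+\b[^>]*>", re.I | re.S)
# An interpolated expression such as #form.id#, confined to one line.
POUND_EXPR = re.compile(r"#[^#\r\n]+#")


def _blank(match):
    # Same-length padding keeps offsets, and so line numbers, valid.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_unparameterized(source):
    """Return [(line, expr)] for each #expr# placed directly in cfquery SQL."""
    findings = []
    for query in CFQUERY.finditer(source):
        body = CFTAG.sub(_blank, CFCOMMENT.sub(_blank, query.group(1)))
        body = body.replace("##", "  ")  # "##" is an escaped literal '#'
        for expr in POUND_EXPR.finditer(body):
            offset = query.start(1) + expr.start()
            findings.append((source.count("\n", 0, offset) + 1, expr.group(0)))
    return findings


# Constructed sample template, not taken from any real application.
SAMPLE = """<cfquery name="getUser" datasource="#application.dsn#">
    SELECT id, name
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
    <!--- old: AND name = '#form.name#' --->
    AND status = '#form.status#'
</cfquery>
<cfquery name="getLog" datasource="main">
    SELECT * FROM log WHERE day = #url.day# AND note <> '##none'
</cfquery>
"""

if __name__ == "__main__":
    for line, expr in find_unparameterized(SAMPLE):
        print(f"line {line}: {expr} is not wrapped in cfqueryparam")
```

A hit is something to review, not proof of an injection hole: table and column names cannot be bound with cfqueryparam, so a dynamic `ORDER BY` column will be flagged even when it is checked against an allow-list. Script-based queries are not covered by this sketch.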

About Raymond Camden

Raymond is a developer advocate for HERE Technologies. He focuses on JavaScript, serverless and enterprise cat demos.