What are the best practices for securing a coldfusion webpage from malicious users? (including, but not limited to, sql injection attacks)
Is cfqueryparam enough?
I use a modified portcullis, and filter all incoming var scopes (URL,FORM,COOKIE) onRequestStart. http://portcullis.riaforge.org/