Not encrypting for that reason; session can't be hijacked when not visible
because of SSL; server type info not relevant as I'm not talking about
server security; all snippets of info that can be obtained are accounted for
and so not a concern.

The point of the Secure E-Commerce Engine is can you bust the software, not
the server or the network.
Thanks,
Louis Mezo
LogicSynthesis
Tel: 240.498.8951
[EMAIL PROTECTED]
http://www.logicsynthesis.com

  -----Original Message-----
  From: Neil Robertson-Ravo [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, September 07, 2004 2:09 PM
  To: CF-Jobs-Talk
  Subject: Re: Senior CF/StudioMX2004 Developer available

  True....the use of a Flash Movie does indeed add a certain degree of
  control....and the encryption of your templates (although secure when an
  error is displayed not so secure as a simple search on Google can yield
  a decryptor).

  You are still open for session hijacking via the copy n paste of CFID
  / CFTOKEN as they are visible always.  We also see you are using
  ColdFusion MX 6,1,0,hf52972_61 on a Jrun instance....

  I am not advocating hacking or server abuse but remember that these tiny
  snippets of info can yield frightening results.

  Louis Mezo wrote:

  >The LogicSynthesis site is more procedural than oo, on purpose.
  >
  >As far as IHRCO is concerned, I can't control what other people do with
  >their websites. I link to IHRCO simply because they are a former client.
  >
  >You'll need to do better than that to make me look bad ;-) Try and crack
  >LogicSynthesis, then get back to me, son.
  >
  >
  >
  >Thanks,
  >Louis Mezo
  >LogicSynthesis
  >Tel: 240.498.8951
  >[EMAIL PROTECTED]
  >http://www.logicsynthesis.com
  >
  >
  >  -----Original Message-----
  >  From: Adam Haskell [mailto:[EMAIL PROTECTED]
  >  Sent: Tuesday, September 07, 2004 1:52 PM
  >  To: CF-Jobs-Talk
  >  Subject: Re: Senior CF/StudioMX2004 Developer available
  >
  >
  >  I wasn't going to say but yeah pretty much...at the very least
  >  everyone should have Enable Robust Exception Information UNCHECKED on
  >  a production server.
  >
  >  Adam H
  >
  >  On Tue, 07 Sep 2004 11:40:11 -0600, Kwang Suh <[EMAIL PROTECTED]> wrote:
  >  > Hmm, try this out:
  >  >
  >  > http://www.ihrco.com/properties/index.cfm?Prop_ID=122;
  >  >
  >  >
  >
  >
  >