Not encrypting for that reason; session can't be hijacked when not visible
because of SSL; server type info not relevant as I'm not talking about
server security; all snippets of info that can be obtained are accounted for
and so not a concern.
The point of the Secure E-Commerce Engine is: can you bust the software, not
the server or the network.
Thanks,
Louis Mezo
LogicSynthesis
Tel: 240.498.8951
[EMAIL PROTECTED]
http://www.logicsynthesis.com
-----Original Message-----
From: Neil Robertson-Ravo [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 07, 2004 2:09 PM
To: CF-Jobs-Talk
Subject: Re: Senior CF/StudioMX2004 Developer available
True....the use of a Flash Movie does indeed add a certain degree of
control....and the encryption of your templates (although secure when an
error is displayed not so secure as a simple search on Google can yield
a decryptor).
You are still open for session hijacking via the copy n paste of CFID
/ CFTOKEN as they are visible always. We also see you are using
ColdFusion MX 6,1,0,hf52972_61 on a Jrun instance....
I am not advocating hacking or server abuse but remember that these tiny
snippets of info can yield frightening results.
Louis Mezo wrote:
>The LogicSynthesis site is more procedural than oo, on purpose.
>
>As far as IHRCO is concerned, I can't control what other people do with
>their websites. I link to IHRCO simply because they are a former client.
>
>You'll need to do better than that to make me look bad ;-) Try and crack
>LogicSynthesis, then get back to me, son.
>
>
>
>Thanks,
>Louis Mezo
>LogicSynthesis
>Tel: 240.498.8951
>[EMAIL PROTECTED]
>http://www.logicsynthesis.com
>
>
> -----Original Message-----
> From: Adam Haskell [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 07, 2004 1:52 PM
> To: CF-Jobs-Talk
> Subject: Re: Senior CF/StudioMX2004 Developer available
>
>
> I wasn't going to say but yeah pretty much...at the very least
> everyone should have Enable Robust Exception Information UNCHECKED on
> a production server.
>
> Adam H
>
> On Tue, 07 Sep 2004 11:40:11 -0600, Kwang Suh <[EMAIL PROTECTED]> wrote:
> > Hmm, try this out:
> >
> > http://www.ihrco.com/properties/index.cfm?Prop_ID=122;
> >
> >
>
>
>