I agree totally... I think Application Flow / Roles / Access levels
should be driven by UNIQUE (USERID NUMBER) rather than
USERNAME/LOGON ID/PASSWORDS etc.

Joe
----- Original Message -----
From: "S. Isaac Dealey" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, July 25, 2002 10:05 AM
Subject: RE: Client Database question


> > Basically, this is why I've never set usernames and passwords as
> > client variables. However, not allowing SELECTs would stop anyone
> > from stealing them in this manner. I just always figured that
> > restricting SQL operations would also restrict CF from SELECTing, and
> > UPDATEing. But some testing shows it doesn't affect CF in writing or
> > accessing client variables.
>
> I would still avoid setting either username or password as client variables
> personally... and tend to hash() passwords as they're going into the db
> also. For that matter, if I wanted to be particularly strict about security,
> I would hash the usernames also, :) since I never display the usernames.
> (i.e. like AOL/AIM's login with your screenname that's readily available to
> everyone.)
>
>
> Isaac Dealey
>
> www.turnkey.to
> 954-776-0046
> 