I'm trying to remember myself - guess I should learn to use the Notes field a bit more. ;)
I believe the idea was to hack your own session.urltoken. Basically, every link would have x=YYYYYYY, where Y would be an encrypted form of the username and password. Then you would decrypt the value and relogin using cflogin each hit. Of course, that could be dangerous if someone breaks your encryption. As for the session thing - what you would do is simply store the username and password (and roles) in session values, then use session.urlToken. This would be a bit simpler for sure, although you would want to use the UUID for Session Token setting. Hope that makes sense. ======================================================================= Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc Member of Team Macromedia (http://www.macromedia.com/go/teammacromedia) Email : [EMAIL PROTECTED] Blog : www.camdenfamily.com/morpheus/blog Yahoo IM : morpheus "My ally is the Force, and a powerful ally it is." - Yoda > -----Original Message----- > From: Jeff [mailto:[EMAIL PROTECTED] > Sent: Monday, March 24, 2003 10:18 AM > To: CF-Talk > Subject: A Quick Question to Raymond RE: Your PowerPoint > presentation... > > > Raymond, > > I was reading over your Powerpoint presentation last week > (ColdFusionMX Application Security), and I just remembered > something I had a quick question about... > > On the last page of the presentation you have the following: > > Extra - Cookie-less Security > ---------------------------- > Pass encrypted key in URL > Like cookie-less session > Use session variable > Need to pass session.urlToken > Need to coordinate session/login timeout. > > I was just wondering what this was referring to, and if maybe > you could expand a little more on it...Specifically the "Pass > encrypted key in URL" part. Also the pass session.urlToken > part too...what's the deal with that? > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
