Okay, all this talk of encrypting url variables got me paranoid.  I looked
on cflib and checked out Tim Heald's UrlEncrypt/Decrypt functions.  My
question is why is cfusion_encrypt used instead of the standard encrypt
function?

--
marlon


"And Bobby you are right, I am being selfish, but the last time I checked,
we don't have a whole lot of songs that feature the cowbell!"

> -----Original Message-----
> From: Tangorre, Michael [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 23, 2004 9:27 AM
> To: CF-Talk
> Subject: RE: Securing CF Apps.
>
> I do not encrypt all values in my forms (I do for URLs though). The reason I
> encrypt some form field values and not others is that they are not all
> important if altered by a malicious user...
>
> For instance, if I have a text box, I do not need to encrypt a date... My
> checks to ensure that the text supplied in that field is a date will take
> care of that. I encrypt important values that are used within queries:
>
> SELECT *
> FROM table
> WHERE someId = Decrypt(form.idfield,"key")
>
> This hides the type of values I am using to build the query with and it also
> limits the data that is exposed to the end user.
>
> Mike
>
> > > Yes. All URL and FORM variables should be encrypted. Especially if you
> > > are using a fusebox methodology.
> >
> > I've tried this, but my users were really upset with prompts
> > such as this:
> >
> > "Please Enter the Hash value of the date you would like"
>
>
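An added example, not part of the original thread and not code from cflib or any poster: a receiving-side check for an ID that travels through a URL or hidden form field, as in the quoted `WHERE someId = ...` query. It is written in Python rather than CFML so it runs stand-alone, and it swaps in HMAC signing for Encrypt/Decrypt, so it demonstrates tamper detection plus a parameterized query, not hiding the value. The key, the `items` table and all function names are assumptions.

```python
import hashlib
import hmac
import sqlite3
from typing import Optional

# Assumption: a server-side secret that is never sent to the client (constructed value).
SECRET = b"constructed-demo-key"


def sign_id(record_id: int) -> str:
    """Build the value placed in the URL or hidden field: '<id>.<hex mac>'."""
    mac = hmac.new(SECRET, str(record_id).encode(), hashlib.sha256).hexdigest()
    return f"{record_id}.{mac}"


def verify_id(token: str) -> Optional[int]:
    """Return the id only if it is a plain ASCII integer and its MAC matches."""
    raw_id, sep, mac = token.partition(".")
    if not sep or not (raw_id.isascii() and raw_id.isdigit()):
        return None
    expected = hmac.new(SECRET, raw_id.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None
    return int(raw_id)


def fetch_record(db: sqlite3.Connection, token: str) -> Optional[str]:
    """Look up a row by a client-supplied token; reject anything unverified."""
    record_id = verify_id(token)
    if record_id is None:
        return None
    # The id is bound as a parameter, never concatenated into the SQL text.
    row = db.execute("SELECT name FROM items WHERE id = ?", (record_id,)).fetchone()
    return row[0] if row else None


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the application database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)", [(1, "alpha"), (2, "beta")])
    return db


if __name__ == "__main__":
    db = demo_db()
    token = sign_id(1)
    print(token, "->", fetch_record(db, token))
    print("tampered ->", fetch_record(db, "2." + token.split(".")[1]))
```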