-adam
> -----Original Message-----
> From: Marlon Moyer [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 23, 2004 03:40 PM
> To: 'CF-Talk'
> Subject: RE: Securing CF Apps.
>
> Okay, all this talk of encrypting url variables got me paranoid. I looked
> on cflib and checked out Tim Heald's UrlEncrypt/Decrypt functions. My
> question is why is cfusion_encrypt used instead of the standard encrypt
> function?
>
>
> --
> marlon
>
> "And Bobby you are right, I am being selfish, but the last time I checked,
> we don't have a whole lot of songs that feature the cowbell!"
>
>
> > -----Original Message-----
> > From: Tangorre, Michael [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, March 23, 2004 9:27 AM
> > To: CF-Talk
> > Subject: RE: Securing CF Apps.
> >
> > I do not encrypt all values in my forms (I do for URLs though). The reason
> > I
> > encrypt some form field values and not others is that they are not all
> > important if altered by a malicious user...
> >
> > For instance. If I have a text box, I do not need to encrypt a date... My
> > checks to ensure that the text supplied in that field is a date will take
> > care of that. I encrypt important values that are used within queries:
> >
> > SELECT *
> > FROM table
> > WHERE someId = Decrypt(form.idfield,"key")
> >
> > This hides the type of values I am using to build the query with and it
> > also
> > limits the data that is exposed to the end user.
> >
> > Mike
> >
> > > > Yes. All URL and FORM variables should be encypted.
> > > Especially if you
> > > > are using a fusebox methodology.
> > >
> > > I've tried this, but my users were really upset with prompts
> > > such as this:
> > >
> > > "Please Enter the Hash value of the date you would like"
> >
> >
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
