What exactly are you doing in your application that demands wimpy "encryption"?

And what do you do when the "hardcore" hacker hits your site?

Sounds to me that people do silly, potentially harmful things like URL encryption simply because they don't properly consider data input, output and transfer and then make themselves feel better by saying that it deters "casual" hackers, whatever the hell that means.

----- Original Message -----
From: "Kazmierczak, Kevin" <[EMAIL PROTECTED]>
Date: Tuesday, March 23, 2004 9:49 am
Subject: RE: Securing CF Apps.

> Yeah I agree encrypting all variables is a bit much, but encrypting some
> of them might be enough to make the casual hacker move on to a different
> server without encrypted variables.  If that person really wanted to
> decrypt those variables, they could.  The most important thing to do is
> to make sure data is validated before you do anything with it.
>
> Kevin
>
>  _____  
>
> From: Kwang Suh [EMAIL PROTECTED]
> Sent: Tuesday, March 23, 2004 11:39 AM
> To: CF-Talk
> Subject: Re: Securing CF Apps.
>
> There is nothing inherently wrong with letting users see fuseaction names.
>
> And to use a very weak form of "encryption" that makes you think that
> you're somehow safe against attacks is an extremely bad situation to be in.
>
> ----- Original Message -----
> From: Adrocknaphobia <[EMAIL PROTECTED]>
> Date: Tuesday, March 23, 2004 9:24 am
> Subject: Re:   Securing CF Apps.
>
> > Point being, if you want a secure app, don't let users see your
> > fuseaction names.
> >
> > -adam
> >
> > > -----Original Message-----
> > > From: Kwang Suh [EMAIL PROTECTED]
> > > Sent: Tuesday, March 23, 2004 04:14 PM
> > > To: 'CF-Talk'
> > > Subject: Re:  Securing CF Apps.
> > >
> > > > > Yes. All URL and FORM variables should be encrypted.
> > >
> > > This is beyond silly.
> > >
> > > > > Especially if you are using a fusebox methodology.
> > >
> > > Using or not using Fusebox has nothing to do with the situation.
> > >
> > >
> > >
> > >
> >
> >
>  _____  
>
>
>
>