> It's a lot harder to hack a db if you don't know the table and
> column names.
huh?
> As for encrypting the fuseaction, the question is why not?
Because it's useless.
Let's think this through:
I have a fuseaction called "products.list"
It encrypts to "wafiawjfw"
I type in "wafiawjfw" in the url.
It lists the products.
Where's the security?
> Users can start throwing errors by trying different fuseaction calls.
> Which in turn could expose too much info if you don't have a site
> wide error handler.
Let me get this straight. I should waste time encrypting urls, and yet be stupid enough not to have an error handler.
Let's think this one through:
I type in "wiejfiawefijwf", which doesn't decrypt properly.
The site then throws an error, and since I don't have a site wide error handler, it exposes a whole bunch of information.
Where's the security?
The topic of this thread is securing cf apps.
> Although it may not be 100% necessary, it sure doesn't hurt.
It doesn't help either.
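
Added example, not part of the original message: a minimal Python sketch of the two walkthroughs above, showing that an encrypted fuseaction is only a fixed alias for the same page and that a site-wide error handler, not the encryption, is what keeps a bad token from leaking details. The toy XOR cipher, the key, the handler table and all function names are assumptions made for illustration.

```python
import logging

log = logging.getLogger("app")
KEY = b"constructed-demo-key"  # constructed; stands in for the site's secret

# Hypothetical fuseaction -> handler table.
HANDLERS = {"products.list": lambda: "widget, gadget, gizmo"}

def _xor(data: bytes) -> bytes:
    return bytes(b ^ KEY[i % len(KEY)] for i, b in enumerate(data))

def encrypt_fuseaction(name: str) -> str:
    """Toy reversible cipher (assumption); any deterministic scheme acts alike."""
    return _xor(name.encode()).hex()

def decrypt_fuseaction(token: str) -> str:
    # Raises ValueError on non-hex input or bytes that are not valid text.
    return _xor(bytes.fromhex(token)).decode()

def dispatch(token: str) -> str:
    """No error handling: whatever goes wrong propagates to the client."""
    return HANDLERS[decrypt_fuseaction(token)]()

def dispatch_with_site_handler(token: str) -> tuple[int, str]:
    """Same dispatch behind a site-wide handler: details go to the log only."""
    try:
        return 200, dispatch(token)
    except Exception:
        log.exception("rejected fuseaction token")  # server-side detail
        return 404, "Page not found"                # nothing internal in the reply

if __name__ == "__main__":
    token = encrypt_fuseaction("products.list")
    print(token, "->", dispatch(token))             # same page as the plain name
    print(dispatch_with_site_handler("wiejfiawefijwf"))
```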