> > Yes. All URL and FORM variables should be encypted.
>
> This is beyond silly.
I have to agree with Kwang here. Rather than encrypting these values, why
not just accept useful values from the client? If you have a form, and
you're allowing the user to enter data within that form, why encrypt that
data? Why encrypt URL parameters, if you're going to allow the user to click
on the link that has them anyway?
If you have data you don't want the client to know about, don't let the
client send it back to the server via form or URL variables.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
- RE: RE: RE: Securing CF Apps. Tom Kitta
- Re: Securing CF Apps. Jochem van Dieten
- RE: Securing CF Apps. Dave Watts
- RE: Securing CF Apps. Burns, John D
- OT: IIS Virtual Directory brobborb
- Re: OT: IIS Virtual Directory Jochem van Dieten
- Re: Securing CF Apps. Adrocknaphobia
- web application vs. web site was Re: Securing CF Ap... Conan Saunders
- RE: RE: RE: Securing CF Apps. Dave Carabetta
- RE: RE: RE: Securing CF Apps. Tom Kitta
- RE: Securing CF Apps. Dave Watts
- RE: Securing CF Apps. Dave Watts
- Stripping Alphas brobborb
- Re: Stripping Alphas Ubqtous
- RE: Stripping Alphas Barney Boisvert
- Re: Stripping Alphas Charlie Griefer
- RE: Stripping Alphas J E VanOver
- RE: Securing CF Apps. Kwang Suh
- RE: Securing CF Apps. Barney Boisvert
- RE: Securing CF Apps. Andy Ousterhout