> Because we are also trying to protect the un/pw from the
> PROGRAMMERS. With the form based model, a programmer could
> theoretically slip a back door in and capture this data and
> do nefarious things. Sometimes I wonder if management here
> think we are the NSA or something.

My goodness, that's ridiculous. If you run a programmer's code without auditing every line of source code, you are in essence trusting that programmer. I could just as easily slip a back door into code that uses browser authentication as I could into code that uses forms-based authentication, I think. Keep in mind that, by default, CF code runs as SYSTEM on Windows servers.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

