>-----Original Message-----
>From: Mark Warrick [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, September 20, 2000 5:06 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]
>
>
>Just to reiterate - you should never pass variables that
>identify a certain user through forms or URLs.  If you do, you
>leave your system open for other people to copy those params
>and screw with other people's records.
>

I understand that, was only intending to pass the CFID/CFTOKEN in the
URL.

>Use session variables.

I do.

>You can store the session variables in
>the registry or in a database if you're worried about people
>not having cookies turned on, but I really wouldn't worry
>about the cookie-fearing types and the browsers that don't
>accept cookies.  (God, do those browsers still exist?)
>

I really haven't worried about them before either, until now.  But we've
noticed some problems with users making it through the part of the site
that depends on session variables, so I just wanted to account for those
who've disabled cookies.

My main concern was about security and Zach's comments seemed to have
addressed that fairly well.

>---mark
>
>--------------------------------------------------------------
>Mark Warrick

Thanks.


Chris Montgomery             [EMAIL PROTECTED]

Web Development & Consulting http://www.astutia.com
Allaire Consulting Partner & NetObjects Reseller
210-490-3249/888-745-7603    Fax 210-490-4692
Allaire Software Sale!  http://www.astutia.com/store
Find a Job in San Antonio    http://www.sajobnet.com
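
The risk raised in the thread is that identifying parameters in a URL can be copied and replayed by someone else. The following check is an added example, not code from the thread or its participants: it scans web server access logs for a CFID/CFTOKEN pair that appears in request URLs from more than one client address. The log format, addresses and token values are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in a common access-log layout (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [20/Sep/2000:17:01:02 -0500] "GET /cart.cfm?CFID=1201&CFTOKEN=48213377 HTTP/1.0" 200 5120
203.0.113.10 - - [20/Sep/2000:17:01:40 -0500] "GET /checkout.cfm?cfid=1201&cftoken=48213377 HTTP/1.0" 200 2210
198.51.100.7 - - [20/Sep/2000:17:03:15 -0500] "GET /cart.cfm?CFID=1202&CFTOKEN=90417752 HTTP/1.0" 200 5098
192.0.2.44 - - [20/Sep/2000:17:09:51 -0500] "GET /account.cfm?CFID=1201&CFTOKEN=48213377 HTTP/1.0" 200 3301
198.51.100.7 - - [20/Sep/2000:17:10:02 -0500] "GET /index.cfm HTTP/1.0" 200 900
"""

# Client address is the first field; the request line is the quoted part.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<url>\S+) HTTP/[\d.]+"')


def session_pair(url):
    """Return (CFID, CFTOKEN) from a request URL, or None if either is absent."""
    query = parse_qs(urlsplit(url).query)
    # ColdFusion treats URL variable names case-insensitively, so normalise them.
    params = {name.lower(): values[0] for name, values in query.items()}
    if "cfid" in params and "cftoken" in params:
        return params["cfid"], params["cftoken"]
    return None


def shared_sessions(log_text):
    """Map each CFID/CFTOKEN pair seen from more than one client address to those addresses."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected layout
        pair = session_pair(match.group("url"))
        if pair:
            clients[pair].add(match.group("ip"))
    return {pair: sorted(ips) for pair, ips in clients.items() if len(ips) > 1}


if __name__ == "__main__":
    for (cfid, cftoken), ips in shared_sessions(SAMPLE_LOG).items():
        print(f"CFID={cfid} CFTOKEN={cftoken} used from {', '.join(ips)}")
```

A pair seen from several addresses is a lead to review rather than proof of misuse, since proxies and reconnecting dial-up users also change addresses mid-session.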

------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/