Yeah, I mentioned that before in the thread.  Theoretically, hashing should
be one-way (so there is no way to turn the hash back into the value).  But you
could run a brute force against a hash, and be able to figure out what the
hashed value really is.  You can also build a table of all possible hashes,
and then it just becomes a linear search.  (I know someone who's got the
complete rainbow tables for Windows passwords, and is able to find any
password within a few hours, I believe, if he's got the hash.)

 

-----Original Message-----
From: Kerry [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 29, 2005 1:14 PM
To: CF-Talk
Subject: RE: pseudo-memory leak

FYI, hashing something doesn't mean that it can't be extracted, why just the
other day my little 2GHz workstation extracted a 5 character password from a
hash in about 5 minutes...

-----Original Message-----
From: Snake [mailto:[EMAIL PROTECTED]
Sent: 29 November 2005 09:43
To: CF-Talk
Subject: RE: pseudo-memory leak


Normally you would HASH the data so it cannot be extracted and used or
changed.

-----Original Message-----
From: Russ [mailto:[EMAIL PROTECTED]
Sent: 28 November 2005 23:40
To: CF-Talk
Subject: RE: pseudo-memory leak

Cookies are not very secure now, are they?  Let's say I was going to let the
user be logged in, and I wanted that to persist... So I would do..

Client.userId=123456

Now, the user has no way to change that... Now, let's say I store it in the
cookie...

<Cfcookie name="userId" value="123456">

Now, the user can examine their cookies and know their userid.  Worse, they
can change the userid, and be logged in as a different user.

Russ

-----Original Message-----
From: Ryan Guill [mailto:[EMAIL PROTECTED]
Sent: Monday, November 28, 2005 2:04 PM
To: CF-Talk
Subject: Re: pseudo-memory leak

I have never really found a need for client variables.  What benefit do they
really offer?  The only time I could see using them is when you had
something that you might think about storing in a cookie.  I rarely come
across a need like that where I don't really want a cookie,
and if I do I usually just store it in the session.  Am I missing
something there?

On 11/28/05, Russ <[EMAIL PROTECTED]> wrote:
> Are you still running another server on BD?  How is BD handling this
> issue?
>
> -----Original Message-----
> From: Michael Dinowitz [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 28, 2005 1:38 PM
> To: CF-Talk
> Subject: pseudo-memory leak
>
> I've written up my thoughts on what looks like the problem that the
> House of Fusion server was facing for the last few weeks. It's a
> problem that probably affects others but I'm not going to comment on
> how widespread it is until the full write-up on Fusion Authority.
> These are just my notes and thoughts.
> http://www.blogoffusion.com/index.cfm/2005/11/28/pseudomemory-leak
>
>
>
>
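
Added example, not part of the thread or any poster's code: a Python sketch (the thread itself is ColdFusion) of the userId cookie discussed above, comparing a bare hash with a keyed HMAC tag. `SERVER_KEY`, the function names and the `value.tag` cookie layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: a random key that lives only on the server (constructed per run here).
SERVER_KEY = secrets.token_bytes(32)


def _sha256_hex(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()


def _mac_hex(value: str, key: bytes) -> str:
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def _same(a: str, b: str) -> bool:
    # Constant-time compare; encode first so non-ASCII input cannot raise.
    return hmac.compare_digest(a.encode(), b.encode())


def hashed_cookie(user_id: str) -> str:
    """Weak: userId plus an unkeyed hash that any client can recompute."""
    return f"{user_id}.{_sha256_hex(user_id)}"


def check_hashed_cookie(cookie: str) -> Optional[str]:
    user_id, _, digest = cookie.partition(".")
    return user_id if _same(digest, _sha256_hex(user_id)) else None


def signed_cookie(user_id: str, key: bytes = SERVER_KEY) -> str:
    """Stronger: userId plus an HMAC tag only the key holder can produce."""
    return f"{user_id}.{_mac_hex(user_id, key)}"


def check_signed_cookie(cookie: str, key: bytes = SERVER_KEY) -> Optional[str]:
    user_id, _, tag = cookie.partition(".")
    return user_id if _same(tag, _mac_hex(user_id, key)) else None


def id_from_bare_hash(digest: str, limit: int = 1_000_000) -> Optional[str]:
    """A bare hash of a small numeric ID hides nothing: enumerate and compare."""
    return next((str(n) for n in range(limit) if _sha256_hex(str(n)) == digest), None)


# Constructed demo: the client edits userId 123456 to 654321 under each scheme.
forged_hashed = hashed_cookie("654321")  # no secret needed to rebuild the hash
forged_signed = "654321." + signed_cookie("123456").partition(".")[2]
```

The HMAC tag gives integrity only: the userId is still readable in the cookie, so anything that must stay private belongs in server-side session storage keyed by a random identifier.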