How are you handling security now? Session variable?
-----Original Message-----
From: Asad Khan [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 23, 2007 8:27 PM
To: CF-Talk
Subject: CFID-CFTOKEN Major Issues. HELP!!!!

I am having a huge problem right now. I have an application where I am using CFID/CFTOKEN as part of the URL parameters. They are currently being maintained in the registry.

One of my clients emailed the URL (the entire URL) to another individual (who does not use this application at all) in a totally different location. When that user clicked on the link, he was logged in as the client and was able to access the entire system. Huge security issue here.

What is the underlying cause of it?

If I change the session management parameters through the CF Administrator to use cookies, is there other major work (code rewrite) I need to do, since the application has been developed using CFIDs/CFTOKENs in the URL?

Or can I set addtoken=no in the cflocation and prevent the tokens from being appended to the URL? If yes, are there any major repercussions? Will this work?

Asad

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:279033
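
An added example, not part of the original thread: a Python check that scans web access logs for the situation described above, the same CFID/CFTOKEN pair arriving in URLs from more than one client address. The log format (Common Log Format), the sample lines, the token values and the function names are all constructed for illustration.

```python
"""Flag CFID/CFTOKEN pairs that appear in URLs from more than one client IP."""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [23/May/2007:19:58:01 -0400] "GET /app/index.cfm?CFID=1201&CFTOKEN=48213377 HTTP/1.1" 200 5120
192.0.2.10 - - [23/May/2007:20:01:44 -0400] "GET /app/report.cfm?id=7&cfid=1201&cftoken=48213377 HTTP/1.1" 200 9321
198.51.100.7 - - [23/May/2007:20:05:12 -0400] "GET /app/index.cfm?CFID=1302&CFTOKEN=90551842 HTTP/1.1" 200 5120
203.0.113.55 - - [23/May/2007:20:19:30 -0400] "GET /app/report.cfm?id=7&cfid=1201&cftoken=48213377 HTTP/1.1" 200 9321
198.51.100.7 - - [23/May/2007:20:21:02 -0400] "GET /app/logout.cfm HTTP/1.1" 302 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<target>\S+) [^"]*"'
)


def session_pair(target):
    """Return (CFID, CFTOKEN) from a request target, or None if either is absent."""
    # ColdFusion URL parameter names are case-insensitive, so normalise the keys.
    query = {k.lower(): v for k, v in parse_qs(urlsplit(target).query).items()}
    if "cfid" in query and "cftoken" in query:
        return query["cfid"][0], query["cftoken"][0]
    return None


def shared_sessions(log_text):
    """Map each (CFID, CFTOKEN) pair seen from 2+ client IPs to those IPs."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        pair = session_pair(match.group("target"))
        if pair:
            seen[pair].add(match.group("ip"))
    return {pair: sorted(ips) for pair, ips in seen.items() if len(ips) > 1}


if __name__ == "__main__":
    for (cfid, cftoken), ips in shared_sessions(SAMPLE_LOG).items():
        print(f"CFID={cfid} CFTOKEN={cftoken} used from {', '.join(ips)}")
```

A pair seen from several addresses is a lead to review rather than proof of a shared link, since one user behind a proxy pool or on a changing network can also produce it.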