Jake,

I would suggest using JavaScript to encrypt the pw string if you HAVE to
pass it through the URL string (I am assuming here that it has been inputted
in a text field and it can't be passed any other way).  If you are only
going to store the variable and don't need to know what the string is then I
suggest one-way hashing with the MD5 algorithm. If you need to know the
password string, then I suggest that you find some way of not passing it
into the URL.  Passing it through the HTTP header as a form variable would
be more secure at the very least.

Moral of the story: do your best never to pass passwords through the URL string.

Paul

PS You can ensure that the user is using JavaScript by writing a JavaScript
redirect to itself with an added URL string of js=yes and a timestamp of
some sort so that CF can stop it if the user tries to hack into the page at
a later time.  If you want to know what I mean, email me off list.

> -----Original Message-----
> From: Jake Hileman - Patmos [mailto:[EMAIL PROTECTED]]
> Sent: 06 November 2000 16:06
> To: CF-Talk
> Subject: Passing PWs via URL bar
>
>
> Any idea how I can encode/encrypt a pw to be passed via the URL bar?
> Encrypt and URLEncode don't play nice together.  :-)
>
>
> Any ideas?
>
> jake
>
> ------------------------------------------------------------------
> ------------------------------
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
> or send a message with 'unsubscribe' in the body to
> [EMAIL PROTECTED]
>
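
The advice above seen from the server side, as an added example that is not part of the original thread: a standard access log records the request line, query string included, so a password sent in the URL is stored verbatim, while a POSTed form body is not part of that line. This Node.js script audits log lines for password-like parameters and redacts them; the parameter names, paths and log lines are constructed assumptions.

```javascript
// Password-like parameter names: an assumed list, extend it for your application.
const SENSITIVE = new Set(["pw", "pwd", "pass", "passwd", "password"]);

// Pull the request target ("/path?query") out of a combined-log-format line.
function requestTarget(line) {
  const m = line.match(/"(?:GET|POST|HEAD|PUT|DELETE) (\S+) HTTP\/[\d.]+"/);
  return m ? m[1] : null;
}

// Redact the values of sensitive query parameters in one request target.
function redactTarget(target) {
  const q = target.indexOf("?");
  if (q === -1) return { redacted: target, leaked: [] };
  const leaked = [];
  const pairs = target.slice(q + 1).split("&").map((pair) => {
    const eq = pair.indexOf("=");
    const rawName = eq === -1 ? pair : pair.slice(0, eq);
    let name;
    try { name = decodeURIComponent(rawName.replace(/\+/g, " ")); }
    catch { name = rawName; } // malformed percent-escape: compare the raw name
    if (eq !== -1 && SENSITIVE.has(name.toLowerCase())) {
      leaked.push(name);
      return rawName + "=REDACTED";
    }
    return pair;
  });
  return { redacted: target.slice(0, q + 1) + pairs.join("&"), leaked };
}

// Audit a whole log: return the cleaned lines plus which lines leaked what.
function auditLog(lines) {
  const findings = [];
  const cleaned = lines.map((line, i) => {
    const target = requestTarget(line);
    if (!target) return line;
    const { redacted, leaked } = redactTarget(target);
    if (leaked.length) findings.push({ line: i + 1, params: leaked });
    return line.replace(target, () => redacted); // function form: no "$" expansion
  });
  return { cleaned, findings };
}

// Constructed sample log lines (documentation IP range, made-up paths and values).
const SAMPLE_LOG = [
  '192.0.2.10 - - [06/Nov/2000:16:06:01 +0000] "GET /login.cfm?user=jake&pw=s3cret%21 HTTP/1.0" 200 512',
  '192.0.2.10 - - [06/Nov/2000:16:06:05 +0000] "POST /login.cfm HTTP/1.0" 302 0',
  '192.0.2.11 - - [06/Nov/2000:16:07:10 +0000] "GET /list.cfm?page=2&Password=abc HTTP/1.0" 200 2048',
];
console.log(JSON.stringify(auditLog(SAMPLE_LOG), null, 2));
```

Only the GET requests produce findings; the POST line carries nothing to redact because the form fields never reach the request line.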

