First off, I am not a security expert, but I will launch a web site 
(eventually) and I have started looking into how to secure my web site and 
data; I can’t afford to be sued because a thief got someone’s personal 
information from my database. I have comments and questions. In searching the 
internet with respect to application security, more or less specific to 
ColdFusion, I did not see any qualification of the conversations/information. 
For example, the info I read may have been about how encrypting your data is a 
good thing, but there was no follow through: encrypting it where, on the server 
or on the client? (To me, this is a flag that there is a lack of understanding.) 
From what I have read, there does not seem to be a whole lot of understanding. 
For instance, if you use the ColdFusion encrypt function, you just transmitted 
all your data in CLEAR TEXT over the internet to the server where the data will 
be encrypted; encrypting your data with the CF encrypt function should only be 
used AFTER you have transmitted your data, SECURELY, over the internet. I also 
have read that hashing your data (for data integrity and password protection) is 
a good thing: create a hash, send the hash and the data, do another hash and 
compare the hashes. Great idea, but you just sent all your data, once again, in 
CLEAR TEXT; the hash function is executed on the CF server and you had to pass 
your text (across the internet) to the function. I just didn’t see people 
differentiating between the client and server with respect to conversations 
about security. I did a search in Google with the term “client side 
encryption”; there were fewer than one thousand hits. I did a search with the 
term “encryption”; almost 43 million hits. Sounds like a disconnect to me. 

So here is my question: how is security done on the client prior to 
transmission? Is JavaScript the main way? I will use an SSL certificate, but I 
also want to further encrypt the data and make a hash of it before sending it 
to the server. What is the best way to accomplish this? By the way, I have both 
of the ColdFusion 7 (blue) books; the only thing I found with regards to what I 
have been talking about was a small note which said: “The encryption 
functions are useful for encrypting strings only after ColdFusion has processed 
them”, page 147, second book. For something that is so important, shouldn’t 
there have been huge banners along with bells and whistles making this clear, 
not just one tiny sentence amongst 2000 pages?

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286813