Ok, I am going to try to make the site work all ssl. I am concerned about the video streaming over ssl, but I guess we will see how it goes.
On a related subject: is there a way to make the jsessionid cookie secure without making the jrun change? I ask because doing so affects all sites on the server, and I had planed to run other sites on this particular server. On Tue, Mar 6, 2012 at 12:59 PM, Cameron Childress <camer...@gmail.com>wrote: > > On Tue, Mar 6, 2012 at 11:55 AM, Robert Rhodes <rrhode...@gmail.com> > wrote: > > > I hear you, but there are issues preventing me from going all https. > It's > > a long story. > > > > Is there a way to copy, with some code in the application.cfm, the > > jsessionid between http and https so we don't lose the session state? > > > > You could make this work, but then you would be exactly where you currently > are, and would again fail the PCI audit. I know you are looking for a > "quick answer", but there isn't really a great easy option here. Many shops > spend literally months getting compliant, so this code change really > doesn't seem so huge in comparison, even though I know if feel like it is. > > You best solution, in the long term as well as the short run, is to make > the code changes and just spend the time and money on it so it's right. > > -Cameron > > -- > Cameron Childress > -- > p: 678.637.5072 > im: cameroncf > facebook <http://www.facebook.com/cameroncf> | > twitter<http://twitter.com/cameronc> | > google+ <https://profiles.google.com/u/0/117829379451708140985> > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350282 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
