> This is a scoping question. Somewhere on one of our servers there is a > customer setting a variable password. I am not even sure which scope it > is > in, however if another customer does something with password and they do > not > specify the scope (i.e. Form) they get this other customers value. I > think > that is terribly abnormal but how could this be? My thoughts were the > same > application name perhaps. I am going to investigate further but I thought > you all could provide some suggestions.
How spaghettied is the code for this site? ... Could be that the password for some ugly reason wound up getting stored in application or session scope and then is being copied into the form scope on the other customer's page .. If there are any unlocked session variables in the site, that could be an inadvertent gateway for leakage from one person's session to another... Isaac Dealey www.turnkey.to 954-776-0046 ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
