> well that's a bit silly, isn't it?
It really was funny! ;-)

BUT, you could be more secure if you go like:
1. The user puts username and password into the form
2. A query searches for that combination, and if found
3. UPDATE an (additional) field named "Clearly" in the UserTable with a new
UUID
4. Put this UUID in a cookie named LoginID

Now, there is no change... especially with SSL inclusive.

Every time you need some user information you "have" to read
that information over a query with "Clearly=#cookie.LoginID#"

Because there is always, after each login, a new LoginID, it is more secure.
AND, because it is no #Session.LoginID#, it does not have to be locked
AND, because it is no #Session.LoginID#, it can't be Copy&Pasted from the URL

Be sure that you only use a temp. cookie, so the cookie will be cleared
after the browser is closed

You can log the IP address too if you like WhoIs a User....
www.maxmind.de tells you even more about an IP address!

Source if you like, but OT.

digitally
<cf_ryoung>




-----Original Message-----
From: Matt Horn [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 26 November 2003 11:52
To: [EMAIL PROTECTED]
Subject: Re: [ cf-dev ] [Fwd: Securing user login details]


well that's a bit silly, isn't it?


----- Original Message ----- 
From: "Stephen Moretti" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 26, 2003 12:46 PM
Subject: [ cf-dev ] [Fwd: Securing user login details]


> Poor lad!!!
> 
> 
> -------- Original Message --------
> Subject: Securing user login details
> Date: Wed, 26 Nov 2003 10:17:06 -0000
> From: John McCosker <[EMAIL PROTECTED]> 
> Reply-To:[EMAIL PROTECTED]
> To: CF-Talk <[EMAIL PROTECTED]>
> 
> 
> 
> Hi,
> 
> is there an alternative way to secure (encrypt) user login details along
> the wire than SSL. We have a client who wants security but does not
> trust SSL.
> 
> Is there anything out there I can look into.
> 
> Thanx, J
> 
> 
> --
> ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
> 
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED] For 
> human help, e-mail: [EMAIL PROTECTED]
> 

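The login flow from the first message in this thread (steps 1-4 plus the per-request lookup on "Clearly"), as an added example that is not part of the original posts or any poster's code. Python and SQLite stand in for ColdFusion and the real database; the function names, the PBKDF2 password storage, the CSPRNG token used in place of the UUID, and storing only a SHA-256 digest of the token are assumptions of this example.

```python
import hashlib
import secrets
import sqlite3
from http.cookies import SimpleCookie

def make_db():
    # Constructed sample table; "Clearly" is the extra column named in the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE UserTable (username TEXT PRIMARY KEY, pw_hash TEXT, salt BLOB, Clearly TEXT)")
    return db

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def add_user(db, username, password):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO UserTable VALUES (?, ?, ?, NULL)", (username, _pw_hash(password, salt), salt))

def _digest(token):
    # Only a digest is stored, so a leaked table does not yield usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def login(db, username, password):
    """Steps 1-4: check credentials, rotate the token, return the Set-Cookie value (or None)."""
    row = db.execute("SELECT pw_hash, salt FROM UserTable WHERE username = ?", (username,)).fetchone()
    if row is None or not secrets.compare_digest(row[0], _pw_hash(password, row[1])):
        return None
    token = secrets.token_urlsafe(32)  # assumption: CSPRNG token instead of a UUID
    db.execute("UPDATE UserTable SET Clearly = ? WHERE username = ?", (_digest(token), username))
    cookie = SimpleCookie()
    cookie["LoginID"] = token
    cookie["LoginID"]["secure"] = True    # only sent over SSL/TLS
    cookie["LoginID"]["httponly"] = True  # not readable from page script
    cookie["LoginID"]["path"] = "/"
    # No Expires/Max-Age: a temporary cookie, cleared when the browser closes.
    return cookie["LoginID"].OutputString()

def current_user(db, cookie_header):
    """Per-request lookup, the parameterised form of Clearly=#cookie.LoginID#."""
    cookie = SimpleCookie(cookie_header)
    if "LoginID" not in cookie:
        return None
    row = db.execute("SELECT username FROM UserTable WHERE Clearly = ?", (_digest(cookie["LoginID"].value),)).fetchone()
    return row[0] if row else None
```

Because each login overwrites "Clearly", a cookie issued by an earlier login stops resolving to a user as soon as the next login succeeds.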