Packet sniffers. Server logs. Pick your poison.

-----Original Message-----
From: "Ajas Mohammed" <[EMAIL PROTECTED]>

Date: Tue, 29 Jul 2008 16:45:51 
To: <discussion@acfug.org>
Subject: Re: [ACFUG Discuss] cflocation with variables encrypted, is it safe 
approach?


Thanks for the suggestion, Cameron.

Before we get into that, let me take one step backwards.

How will someone get my URL? Here is the process explained in detail.

There are 2 parties: one identity provider (IdP) and the other a service
provider (SP), i.e. me.
The identity provider has their own server to authenticate users, which we are
not concerned with. After this, the IdP user clicks on a link (I am not
concerned with this link) and it brings the user to my verification module,
and that's where I plan to use the logic with encryption that I had emailed
in the first post.

So, how can someone get my URL if I plan to remove the URL vars I had
generated earlier, and the URL is shown to the user as Myhome.cfm instead of it
being appended with variables?

Any ideas?

Ajas.


On Tue, Jul 29, 2008 at 4:17 PM, Cameron Childress <[EMAIL PROTECTED]> wrote:

> On Tue, Jul 29, 2008 at 4:11 PM, Ajas Mohammed <[EMAIL PROTECTED]> wrote:
> > Shawn/Cameron, yep, that's a big hole and I plan to use a timestamp to avoid
> > it, but I don't know right now exactly how that will be done.
>
> Using any predictable or easy to guess information (like a timestamp)
> is not a good security measure in most cases.
>
> > So, any suggestions for stopping a replay attack?
>
> One-time-use token
>
> -Cameron
>
> --
> Cameron Childress
> Sumo Consulting Inc
> http://www.sumoc.com
> ---
> cell: 678.637.5072
> aim: cameroncf
> email: [EMAIL PROTECTED]
>
>
> -------------------------------------------------------------
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by http://www.fusionlink.com
> -------------------------------------------------------------


-- 
<Ajas Mohammed />
http://ajashadi.blogspot.com
We cannot become what we need to be, remaining what we are.
No matter what, find a way. Because thats what winners do.
You can't improve what you don't measure.
Quality is never an accident; it is always the result of high intention,
sincere effort, intelligent direction and skillful execution; it represents
the wise choice of many alternatives.
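
The one-time-use token suggested in the quoted reply, sketched in Python rather than ColdFusion as an added example that is not part of the thread. The names `SHARED_KEY`, `TOKEN_TTL`, `issue_token` and `redeem_token`, the `|`-separated token layout and the in-memory nonce store are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumptions for this sketch: a key shared by IdP and SP out of band, a 60 s
# token lifetime, and an in-memory dict standing in for the SP's nonce table.
SHARED_KEY = secrets.token_bytes(32)
TOKEN_TTL = 60
_used_nonces = {}  # nonce -> expiry time of the token that carried it


def _sign(payload):
    return hmac.new(SHARED_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id, now=None):
    """IdP side: bind user, expiry and an unguessable nonce under an HMAC."""
    if "|" in user_id:
        raise ValueError("user_id must not contain the field separator")
    now = time.time() if now is None else now
    # The nonce comes from a CSPRNG; the timestamp only bounds the lifetime.
    payload = f"{user_id}|{int(now) + TOKEN_TTL}|{secrets.token_urlsafe(16)}"
    return f"{payload}|{_sign(payload)}"


def redeem_token(token, now=None):
    """SP side: return the user id once; None if forged, expired or replayed."""
    now = time.time() if now is None else now
    payload, sep, sig = token.rpartition("|")
    # Verify the MAC over the raw payload before parsing any field from it.
    if not sep or not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    user_id, expiry, nonce = payload.split("|")
    if now > int(expiry):
        return None
    # Forget nonces whose tokens have expired anyway, so the table stays small.
    for old in [n for n, exp in _used_nonces.items() if exp < now]:
        del _used_nonces[old]
    if nonce in _used_nonces:
        return None  # replay: this token was already redeemed
    # A real store needs an atomic insert (e.g. a unique key) instead of this
    # check-then-set, or two simultaneous requests could both succeed.
    _used_nonces[nonce] = int(expiry)
    return user_id
```

Because the token is redeemed server-side exactly once, a copy recovered later from a packet capture or a server log is rejected even while its expiry is still in the future.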


