I was pondering the following thought this morning...
Thinking about security and Fusebox.
Thinking that if somebody wanted to discern all of your CFINCLUDEd
templates, all they need is a source view of index.cfm, which they could get
easily by constructing their own page and (for Windows folks) right-clicking
on the hyperlink to save the code locally, as in:
<a href="www.foo.com/index.cfm">I'm gonna steal your code</a>
Then they could read the code, and by using the same technique as above,
ultimately get all of your source code.
Having never used CFCRYPT before, would it be an acceptible/worthwile
measure to CFCRYPT index.cfm, thus preventing exposure of underlying CF
templates?
Alan McCollough
Web Programmer
Alaska Native Medical Center
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
