I'm trying to remember myself - guess I should learn to use the Notes
field a bit more. ;)
I believe the idea was to hack your own session.urltoken. Basically,
every link would have x=YYY, where Y would be an encrypted form of
the username and password. Then you would decrypt the value and relogin
using cflogin each hit. Of course, that could be dangerous if someone
breaks your encryption.
As for the session thing - what you would do is simply store the
username and password (and roles) in session values, then use
session.urlToken. This would be a bit simpler for sure, although you
would want to use the UUID for Session Token setting.
Hope that makes sense.
===
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc
Member of Team Macromedia (http://www.macromedia.com/go/teammacromedia)
Email: [EMAIL PROTECTED]
Blog : www.camdenfamily.com/morpheus/blog
Yahoo IM : morpheus
My ally is the Force, and a powerful ally it is. - Yoda
-Original Message-
From: Jeff [mailto:[EMAIL PROTECTED]
Sent: Monday, March 24, 2003 10:18 AM
To: CF-Talk
Subject: A Quick Question to Raymond RE: Your PowerPoint
presentation...
Raymond,
I was reading over your Powerpoint presentation last week
(ColdFusionMX Application Security), and I just remembered
something I had a quick question about...
On the last page of the presentation you have the following:
Extra - Cookie-less Security
Pass encrypted key in URL
Like cookie-less session
Use session variable
Need to pass session.urlToken
Need to coordinate session/login timeout.
I was just wondering what this was referring to, and if maybe
you could expand a little more on it...Specifically the Pass
encrypted key in URL part. Also the pass session.urlToken
part too...what's the deal with that?
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Your ad could be here. Monies from ads go to support these lists and provide more
resources for the community. http://www.fusionauthority.com/ads.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4