RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-10-02 Thread Dave Watts
> > So if I think this out logically, the ONLY way to ensure > > absolute security is if the user has their cookies turned on. > > Well... That's not 100% secure either. It *is* possible for a > malicious user to share his cookies with others. A malicious user > could ALSO manually add ?CFID=

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-21 Thread Zachary Bedell
> So if I think this out logically, the ONLY way to ensure > absolute security is if the user has their cookies turned on. Well... That's not 100% secure either. It *is* possible for a malicious user to share his cookies with others. A malicious

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread paul smith
See CFWACK3 p 656 for Forta's way to do this. best, paul At 05:29 PM 9/20/00 -0700, you wrote: >I guess you could do a cookie check to find out whether their cookies are >enabled, and if not, direct them to a set of "less secure" templates that >do the variable passing through URLs and Form v

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread Mark Warrick
eers.com ICQ: 346566 -- > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, September 20, 2000 4:42 PM > To: CF-Talk > Subject: RE: Any Security Concerns Here? Passing Token in URL [CF-Talk] > > > > But as

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread Mark Warrick
0, 2000 4:13 PM > To: CF-Talk > Subject: RE: Any Security Concerns Here? Passing Token in URL [CF-Talk] > > > Session variables are nice, just remember that once you go to multiple > servers to scale, you may have issues unless you use "stick > servers/sessions"

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread Jennifer
http://www.warrick.net >Business Email: [EMAIL PROTECTED] >Business URL: http://www.fusioneers.com >ICQ: 346566 >-- > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, September 20, 2000 3:43 PM >

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread ron
> But as someone else on the list pointed out, I think I may have > misstated that session variables require cookies. That person > (forgot the name) said that session variables are stored in the > server's RAM anyway, so it shouldn't matter if they have their > cookies turned on or not. Regardle

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread dougn
rk Warrick [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 20, 2000 3:06 PM To: [EMAIL PROTECTED] Subject: RE: Any Security Concerns Here? Passing Token in URL [CF-Talk] Just to reiterate - you should never pass variables that identify a certain user through forms or URLs. If you do, you leave y

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread Mark Warrick
:[EMAIL PROTECTED]] > Sent: Wednesday, September 20, 2000 3:43 PM > To: [EMAIL PROTECTED] > Subject: RE: Any Security Concerns Here? Passing Token in URL [CF-Talk] > > > > Just to reiterate - you should never pass variables that identify > > a certain user through forms or URLs.

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread ron
> Just to reiterate - you should never pass variables that identify > a certain user through forms or URLs. If you do, you leave your > system open for other people to copy those params and screw with > other people's records. > > Use session variables. You can store the session variables in >

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread Chris Montgomery
>-Original Message- >From: Mark Warrick [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, September 20, 2000 5:06 PM >To: [EMAIL PROTECTED] >Subject: RE: Any Security Concerns Here? Passing Token in URL [CF-Talk] > > >Just to reiterate - you should never pass va

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread Justin Kidman
eers.com ICQ: 346566 -- > -Original Message- > From: Chris Montgomery [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, September 20, 2000 2:44 PM > To: [EMAIL PROTECTED] > Subject: RE: Any Security Concerns Here? Passing Token in URL [CF-Talk] > > > >

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread Chris Montgomery
Zach, Good response, that explains it better than I've seen before. Thanks! Chris Montgomery [EMAIL PROTECTED] Web Development & Consulting http://www.astutia.com Allaire Consulting Partner & NetObjects Reseller 210-490-3249/888-745-7603 Fax 210-490-4692 Allaire Software Sa

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread Mark Warrick
eers.com ICQ: 346566 -- > -Original Message- > From: Chris Montgomery [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, September 20, 2000 2:44 PM > To: [EMAIL PROTECTED] > Subject: RE: Any Security Concerns Here? Passing Token in URL [CF-Talk] > > > > Thanks for the comeback, Ma

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread Chris Montgomery
Thanks for the comeback, Mark. My comments are below. >-Original Message- >From: Mark Warrick [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, September 20, 2000 4:20 PM >To: [EMAIL PROTECTED] >Subject: RE: Any Security Concerns Here? Passing Token in URL [CF-Talk] >

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread Zachary Bedell
Encryption won't help. The problem isn't the user having the information that's in the URLToken. It's having users (perhaps inadvertently) giving that info to someone else in the form of a link. Encrypting the data doesn't make any difference in tha

RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]

2000-09-20 Thread Mark Warrick
Hi Chris, So long as there is a way to identify the current client as the user of that URLToken, it shouldn't be a problem. For example, if you were to set a session variable. But then again, if you're using session variables, you don't need the URLToken. Another thing you can do is set a c