RE: SSL Necessary? Important?

Oh, come on James! What's a little cannibalism between friends! :o) > -Original Message- > From: James Holmes [mailto:[EMAIL PROTECTED] > Sent: Friday, January 25, 2008 6:44 PM > To: CF-Talk > Subject: Re: SSL Necessary? Important? > > Depending on local laws

Re: SSL Necessary? Important?

From: Claude Schneegans [mailto:[EMAIL PROTECTED] > > Sent: Friday, January 25, 2008 1:36 PM > > To: CF-Talk > > Subject: Re: SSL Necessary? Important? > > > > >>IN NO EVENT WILL ZILLOW.COM OR ANY SUPPLIER BE LIABLE FOR > > ANY DAMAGES > > > >

RE: SSL Necessary? Important?

isk if somebody finds out about their user name and password and abuses it. At least that's my take... Rick > -Original Message----- > From: Todd [mailto:[EMAIL PROTECTED] > Sent: Friday, January 25, 2008 12:52 PM > To: CF-Talk > Subject: Re: SSL Necessary? Important

RE: SSL Necessary? Important?

Russian Roulette and hoping we're not the one facing a round in the chamber. Rick > -Original Message- > From: Claude Schneegans [mailto:[EMAIL PROTECTED] > Sent: Friday, January 25, 2008 1:36 PM > To: CF-Talk > Subject: Re: SSL Necessary? Important? > > >>I

RE: SSL Necessary? Important?

> Here's some of the "Terms" for use of Zillow.com... a Real > Estate listing website. > > 9. LIABILITY LIMITATION; EXCLUSIVE REMEDY. IN NO EVENT WILL > ZILLOW.COM OR ANY SUPPLIER BE LIABLE FOR ANY DAMAGES ... > > Now that pretty iron-clad legally, I think, that no matter > what you do, passwo

Re: SSL Necessary? Important?

>>IN NO EVENT WILL ZILLOW.COM OR ANY SUPPLIER BE LIABLE FOR ANY DAMAGES I'm sorry, but just from the very begining, this statement has absolutely no value. I hope you didn't pay a lawyer to write it. Nobody can state, in advance on not that "he is not liable or responsible". ONLY a judge in cou

Re: SSL Necessary? Important?

I'm not sure how Zillow.com's terms supports your "My strong password or else" argument (which is what I thought this was) as all you did was show me their terms of use. Now try to find one one here - http://www.sharebuilder.com/sharebuilder/Security/Default.aspx I can choose any password I want

RE: SSL Necessary? Important?

> Anyway, the problem with strong passwords is they're not > easily, if at all, memorable. That doesn't have to be true: http://en.wikipedia.org/wiki/Passphrase Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instructio

Re: SSL Necessary? Important?

I can assure you that I'm not your wife and there are some areas where I'm very cut to the chase and other areas where I have learned to be more flexible I guess. :) On Jan 25, 2008 11:40 AM, Rick Faircloth wrote: > You sound like my wife who's always telling me to be more civil and stop > that "

RE: SSL Necessary? Important?

IL PROTECTED] > Sent: Friday, January 25, 2008 11:04 AM > To: CF-Talk > Subject: Re: SSL Necessary? Important? > > Rick, > > I get it. I do. What I'm suggesting is instead of cramming down a password > down the throat to use clearly written english description of wh

RE: SSL Necessary? Important?

count, I wouldn't have a clue for awhile. Rick > -Original Message- > From: Todd [mailto:[EMAIL PROTECTED] > Sent: Friday, January 25, 2008 11:04 AM > To: CF-Talk > Subject: Re: SSL Necessary? Important? > > Rick, > > I get it. I do. What I

Re: SSL Necessary? Important?

Rick, I get it. I do. What I'm suggesting is instead of cramming down a password down the throat to use clearly written english description of what a STRONG password would be and to use validation to determine what's a strong / weak passwords. There's plenty of javascript / serverside validatio

RE: SSL Necessary? Important?

> From: Todd [mailto:[EMAIL PROTECTED] > Sent: Friday, January 25, 2008 9:35 AM > To: CF-Talk > Subject: Re: SSL Necessary? Important? > > Would you consider gmail to be pretty important if you used it daily like I > do? Let's take a look at what Google says in their

Re: SSL Necessary? Important?

Would you consider gmail to be pretty important if you used it daily like I do? Let's take a look at what Google says in their EULA: = 6. Your passwords and account security 6.1 You agree and understand that you are responsible for maintaining

RE: SSL Necessary? Important?

f a poor choice which leads to your ruin. I'm not going down with you... I think that's fair. I'll be most EUA's have something like that buried in their "legalize". Thoughts? Rick > -Original Message- > From: Todd [mailto:[EMAIL PROTECTED] > Se

Re: SSL Necessary? Important?

Rick, is it really not possible to compromise? It's one thing to enforce and shove a password down my throat... it's something else to educate the end-user on what a "strong" password is. On Jan 25, 2008 8:46 AM, Rick Faircloth <[EMAIL PROTECTED]> wrote: > No problem... if you won't let me choos

RE: SSL Necessary? Important?

Message- > From: Rick Root [mailto:[EMAIL PROTECTED] > Sent: Friday, January 25, 2008 8:20 AM > To: CF-Talk > Subject: Re: SSL Necessary? Important? > > On 1/24/08, Rick Faircloth <[EMAIL PROTECTED]> wrote: > > One solution that I have used is to allow users to choose

Re: SSL Necessary? Important?

On 1/24/08, Rick Faircloth <[EMAIL PROTECTED]> wrote: > One solution that I have used is to allow users to choose their username, > usually just their email address, but I force a very strong password > on them generated with CF. Nothing annoys me more, personally, than a web site that won't let m

RE: SSL Necessary? Important?

> Is the SSL encryption overkill for something like this? Or > would it be advisable? How big a security risk is there for > personal info like this? The security risk is probably acceptable for your client, even if they don't know that. However, it's so cheap to use SSL that you might as well

Re: SSL Necessary? Important?

On 1/24/08, Dawson, Michael <[EMAIL PROTECTED]> wrote: > It doesn't matter whose responsibility it is. If a bank account gets > hacked because of the church's web site, it will hurt the credibility of > the church. Yeah but God will protect them from that. Damn, now I'm going to hell. -- Rick

Re: SSL Necessary? Important?

>>In a world of paranoia, SSL is *NEVER* overkill for protecting logins of any kind. provided you assume paranoia... -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [

RE: SSL Necessary? Important?

, but it's for their protection and mine. And if they forget that password, the system simply issues another equally strong one. Rick > -Original Message- > From: Todd [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 2:58 PM > To: CF-Talk > Subject: Re: SSL

Re: SSL Necessary? Important?

Yeah, I will agree with that. I'm two minds of this apparently. It's one thing if a simple forum has my username/password stolen, quite something different if my SSN was stolen. My co-worker gave the argument that if a username/password can be traced back to you and additional information can be

RE: SSL Necessary? Important?

r guy even if the other guy gots not smarts. M!ke -Original Message- From: Todd [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 1:58 PM To: CF-Talk Subject: Re: SSL Necessary? Important? o_O Mike, if your bank account gets hacked dude because YOU used the same username/passwor

RE: SSL Necessary? Important?

o: CF-Talk Subject: Re: SSL Necessary? Important? >>Then, I sign up for your church's web site and use the same username and password combination. Now, if someone sniffs that unsecured connection, they now have my bank username and password. Ok, but it is not the church responsibilit

Re: SSL Necessary? Important?

On 1/24/08, Todd <[EMAIL PROTECTED]> wrote: > While I agree that account identifying information should be encrypted in > the database, I don't agree that the church is responsible for the end > user's stupidity of using the same username/password for every website out > there. I would agree, I us

Re: SSL Necessary? Important?

o_O Mike, if your bank account gets hacked dude because YOU used the same username/password for every site the only person to blame here is YOU. I'm sorry, but this thinking is just way backwards. Should the church also be responsible if someone stole your ATM card and the PIN number just happen

RE: SSL Necessary? Important?

>While I agree that account identifying information should be encrypted in the database, I don't agree that the church is responsible for the end user's stupidity of using the same username/password for every website out there. I agree, but tell this to all of the non-techies out there. We run ac

RE: SSL Necessary? Important?

Very true... thanks, Michael. Rick > -Original Message- > From: Dawson, Michael [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 9:58 AM > To: CF-Talk > Subject: RE: SSL Necessary? Important? > > I don't think SSL is always necessary. It depends on

Re: SSL Necessary? Important?

On Jan 24, 2008 9:57 AM, Dawson, Michael <[EMAIL PROTECTED]> wrote: > For example, I may log in to my bank's web site using "michael" and > "password". The bank's web site is secure so I no worry. > > Then, I sign up for your church's web site and use the same username and > password combination.

Re: SSL Necessary? Important?

>>Then, I sign up for your church's web site and use the same username and password combination. Now, if someone sniffs that unsecured connection, they now have my bank username and password. Ok, but it is not the church responsibility to protect you bank username and password. It's your proble

RE: SSL Necessary? Important?

I don't think SSL is always necessary. It depends on the content. However, it is pretty common that many people use the same username and password for many different systems. For example, I may log in to my bank's web site using "michael" and "password". The bank's web site is secure so I no wo

Re: SSL Necessary? Important?

Rick, Don't believe anything dave says. He's just disrupting again. Anyway, do *I* look like I would make fun of you? :) Will ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Fr

RE: SSL Necessary? Important?

'll come in soon. Wouldn't want to miss it, you know! > -Original Message- > From: Dave l [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 23, 2008 8:54 PM > To: CF-Talk > Subject: Re: SSL Necessary? Important? > > umm sha i meant > > > Will is tryi

Re: SSL Necessary? Important?

lol, so prove me wrong!!! captain lady killer ;)~ >Rick, > >Don't believe anything dave says. He's just disrupting again. > >Anyway, do *I* look like I would make fun of you? :) > >Will ~| Adobe® ColdFusion® 8 software 8 is

Re: SSL Necessary? Important?

Will is trying to make fun of u (yes again) but the way I look at it at least you have more than 1 client, he can't say that :) You can use ssl on there with no big deal. If you aren't encrypting your passwords then sure it could be a big deal if someone gets ahold of their username and password

Re: SSL Necessary? Important?

umm sha i meant > Will is trying to make fun of u (yes again) but the way I look at it > at least you have more than 1 client, he can't say that :) > > You can use ssl on there with no big deal. > If you aren't encrypting your passwords then sure it could be a big > deal if someone gets ahold o