security question

Hey gang out there in CF land, Got a question for a security application I am doing up, plus also cure my curiousity. You see the security app I am building I would like to include some sort of safeguard that allows or prevents people from collecting emails, but in order to do that I need to k

Security Question

Just wanted some input from the list We have a security system on our site. User ids and passwords are stored in a SQL 7 DB. My question is how do you secure it? Because of IS policies, access to the database is based on mixed SQL and NT authentication. Password protecting the database and th

RE: security question

-Original Message- > From: michael firth [mailto:[EMAIL PROTECTED]] > Sent: 27 November 2002 00:43 > To: CF-Talk > Subject: security question > > > Hey gang out there in CF land, > > Got a question for a security application I am doing up, plus > also cure my

RE: security question

ailto:[EMAIL PROTECTED]] Sent: 27 November 2002 11:32 To: CF-Talk Subject: RE: security question Email addresses are usually gathered using a "spider" http://www.whatis.com/definition/0,,sid9_gci213035,00.html , which grabs pages and takes out the email addresses on it. Sometimes people

OT: security question

Hello All, I have a security issue that I need to do some research on. I have a webserver outside the firewall, and in my application I need to access a directory on a server that is inside the firewall. Any ideas on the most secure way to do this? Running win2k and mx. Thanks,

Newbie Security Question

I've been watching this list for a while and reading what I can find. Yet I'm still stuck. Please tell me if I've missed something. I have an application where I want the user to see only those sql records (using MS SQL 7.0) where a certain field is equivalent to their NT user id. It seems fro

RE: Security Question

pt the password field, but I can't put my finger on them right now. -Original Message- From: Saidi; Marwan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 12:22 PM To: CF-Talk Subject: Security Question Just wanted some input from the list We have a security system on ou

Re: Security Question

Marwan, There is a new function add to CF 4.5.1 called hash(). It is mentioned in the release notes. hash() creates an MD5 Hash of the what ever string you feed it. I use this function to encrypt the passwords of my users before I write to the DB. This works quite well for me. Josh Meekhof

Security Question - Revisited

Good day all, Yesterday, Joshua Meekhof suggested using the hash() function to hash up user passwords before inserting them into the database. Seems like this would work. However, when I try it, it fails. Maybe I am doing something wrong. Here is the code: Password: This goes to action page:

Advanced Security question

I am trying to set up and Intranet to use the NT SAM database for user authentication so as to know which database records the employee has access to. We have a domain with all employees obviously able to log into the domain. I am trying to set up the Advanced Security but I am unsure where to s

Another Security Question...

I figured out the other Advanced Security issue and I wanted to say thank you. Now I have another question. I have a Security context with all Domain Users allowed the access the application. No problem there. NOW, I want to limit a part of the application to just a certain subset of domain us

RDS Security Question

Ok, I'm working on a dev server with the following structure: D:\ is the partition with the data on it.  Under D:\ there are the SQL database files as well as other miscellaneous stuff that the average person doesn't need to deal with.  Then there's a "websites" directory. Basically, management

Re: Newbie Security Question

elene" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Tuesday, November 14, 2000 9:41 AM Subject: Newbie Security Question > I've been watching this list for a while and reading what I can find. Yet > I'm still stuck. Please tell me if I'

Re: Newbie Security Question

SELECT * FROM Your_Table WHERE YourColumn1 = 'foo' AND USERNAMEFIELD = '#this is what I'm missing#' best, paul At 09:41 AM 11/14/00 -0600, you wrote: >I've been watching this list for a while and reading what I can find. Yet >I'm still stuck. Please tell me if I've missed something. I have

RE: Newbie Security Question

, November 14, 2000 11:30 AM To: CF-Talk Subject: Re: Newbie Security Question You could save their NT user ID in a session variable and refer to that everytime you want to run a query. Kevin Schmidt Internet Services Director PWB Integrated Marketing and Communications Office: 734.995.5

Re: Newbie Security Question

Have you tried using #cgi.authuser#?, or is it auth_userI can never remember and have to always test it or look it up. -d Deanna Schneider Interactive Media Developer UWEX Cooperative Extension Electronic Publishing Group 103 Ext

RE: Newbie Security Question

hneider [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 14, 2000 10:25 AM To: CF-Talk Subject: Re: Newbie Security Question Have you tried using #cgi.authuser#?, or is it auth_userI can never remember and have to always test it or

RE: Newbie Security Question

PROTECTED]] Sent: Tuesday, November 14, 2000 10:25 AM To: CF-Talk Subject: Re: Newbie Security Question Have you tried using #cgi.authuser#?, or is it auth_userI can never remember and have to always test it or look it up. -d *

Re: Security Question - Revisited

Marwan, Here's how I take care of the situation. The database field that stores your password needs to be a 32 (var)character. When validating a user I select based upon the username only, and then I compare the database password with the hashed user password. Something like the following is h

RE: Security Question - Revisited

PROTECTED]] Sent: Thursday, April 26, 2001 7:40 AM To: CF-Talk Subject: Security Question - Revisited Good day all, Yesterday, Joshua Meekhof suggested using the hash() function to hash up user passwords before inserting them into the database. Seems like this would work. However, when I try it, it

RE: Security Question - Revisited

PROTECTED]] Sent: Thursday, April 26, 2001 12:13 PM To: CF-Talk Subject: RE: Security Question - Revisited I have not used the hash function but this is the code straight from allaires website: I beleive your code should work. Do you have CF Server 4.5? (use

RE: Advanced Security question

whitepaper is good on explaing theat bit :-) -Original Message- From: Vance Duke [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 01, 2001 8:49 PM To: CF-Talk Subject: Advanced Security question I am trying to set up and Intranet to use the NT SAM database for user authentication so as to know

RE: Another Security Question...

I suggest reading Ben Forta's books, these questions are covered in the Advanced Coldfusion Application Development book -Original Message- From: Vance Duke [mailto:[EMAIL PROTECTED]] Sent: 06 March 2001 08:55 To: CF-Talk Subject: Another Security Question... I figured ou

Re: Another Security Question...

Thanks. But until I can get a copy of the book, can someone help me with the question? Thanks, Vance Duke - Original Message - From: "Scott, Andrew" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Tuesday, March 06, 2001 4:37 PM Subjec

RE: RDS Security Question

> Ok, I'm working on a dev server with the following structure: >   > D:\ is the partition with the data on it. Under D:\ there are > the SQL database files as well as other miscellaneous stuff > that the average person doesn't need to deal with. Then there's > a "websites" directory. Basically,

NETSCAPE SUITE SPOT SECURITY QUESTION

This is a multi-part message in MIME format. --AAED047E1014EFB5097E7D24 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit How old is the security issue with Netscape's suite spot that deals with the %20 at the end of URL. ** For