RE: CFToken and CFID not secure for ecommerce

2001-12-07 Thread Dave Watts
> How would you do this on a solaris install?

Stop the CF Server, edit the cf.registry file so that it has the new key and value, and restart CF. I haven't tried it on Solaris, but it's supposed to work there too.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496

Re: CFToken and CFID not secure for ecommerce

2001-12-05 Thread Freddy
How would you do this on a solaris install? Ken Wilson wrote: You just have to create it. Works great. Ken -Original Message- From: Douglas Brown [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 04, 2001 9:51 PM To: CF-Talk Subject: Re: CFToken and CFID not secure for

CFToken and CFID not secure for ecommerce

2001-12-04 Thread Mike Randolph
Hello All, CFTOKEN AND CFID according to Macromedia's own admission and our own internal testing are not secure enough for web applications where credit card data and money are involved. Go to a site like Amazon and notice the session IDs they use are not a wimpy numeric string, they use a

RE: CFToken and CFID not secure for ecommerce

2001-12-04 Thread Ken Wilson
Hmmm, interesting comment. What I assume to be my SessionID from my current Amazon.com sessions: IE Session: 104-8981534-3506318 NS6 Session: 102-524-0108134 CFTOKENs for my current sessions on my CF Server: IE Session: 3c154df-3b8b20b0-54b8-4cfa-8ebb-be0b2ac13e32 NS6 Session:

RE: CFToken and CFID not secure for ecommerce

2001-12-04 Thread Dave Watts
Hmmm, interesting comment. What I assume to be my SessionID from my current Amazon.com sessions: IE Session: 104-8981534-3506318 NS6 Session: 102-524-0108134 CFTOKENs for my current sessions on my CF Server: IE Session: 3c154df-3b8b20b0-54b8-4cfa-8ebb-be0b2ac13e32 NS6

RE: CFToken and CFID not secure for ecommerce

2001-12-04 Thread Ken Wilson
Yeah, probably wasn't fair to use that example without explaining the background. Are you aware of any drawbacks to using this rather than the default method? Seems like it should be set up that way by default or at least should be configurable via the CFAdmin given the ease of guessing the other

Re: CFToken and CFID not secure for ecommerce

2001-12-04 Thread Douglas Brown
Well you were able to modify the registry in CF 4.5.1 and use the uuidToken which would be alphanumeric and identical in structure to a regular uuid. I looked in the registry for 5.0 and can no longer find the correct key. Doug - Original Message - From: Ken Wilson [EMAIL PROTECTED]

RE: CFToken and CFID not secure for ecommerce

2001-12-04 Thread Ken Wilson
You just have to create it. Works great. Ken -Original Message- From: Douglas Brown [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 04, 2001 9:51 PM To: CF-Talk Subject: Re: CFToken and CFID not secure for ecommerce Well you were able to modify the registry in CF 4.5.1 and use

RE: CFToken and CFID not secure for ecommerce

2001-12-04 Thread Dave Watts
Yeah, probably wasn't fair to use that example without explaining the background. Are you aware of any drawbacks to using this rather than the default method? Seems like it should be set up that way by default or at least should be configurable via the CFAdmin given the ease of guessing

RE: CFToken and CFID not secure for ecommerce

2001-12-04 Thread Ken Wilson
I'm not sure why it's not the default, either; my guess is backward-compatibility. That would make sense. I've heard mention of needing to increase the DB field size to accommodate the extended length. I've always found (v4.5+ at least) that CF created fields of proper size even before making