Service Pack 2 for CF 4.5 was suppose to fix the indicated 'security
vulnerability', atleast thats what I read on a message board posting.
Saul G Perez
BSC-Web Designs
E-mail: [EMAIL PROTECTED]
http://www.bsc-designs.com
-----Original Message-----
From: Consultant [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 20, 2001 8:00 PM
To: CF-Server
Subject: Re: encrypt values in text controls
I've heard that there are utilities on the Net which allow you to De-crypt
any CFM pages. I'm sure the encryption is not one way.
:)
----- Original Message -----
From: "McCluskey, Phil" <[EMAIL PROTECTED]>
To: "CF-Server" <[EMAIL PROTECTED]>
Sent: Wednesday, February 21, 2001 10:05 AM
Subject: RE: encrypt values in text controls
> They may use those tags internally, I'm not sure; but the admin pages are
> encrypted with the standard executable included with CF.
> (CFUSION/BIN/cfencode.exe in NT) You can also use Studio to encrypt your
> pages (using the same executable) when you are uploading them. That kind
of
> page encryption is theoretically one-way, so it can't be (legitimately)
> decoded.
>
> -----Original Message-----
> From: Consultant [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 21 February 2001 12:23 PM
> To: CF-Server
> Subject: Re: encrypt values in text controls
>
>
> Thanks Phil, It worked!!!!
>
> By the way, is this the tag the Allaire people used for their CF Admin
> Pages? ;)
>
> ----- Original Message -----
> From: "McCluskey, Phil" <[EMAIL PROTECTED]>
> To: "CF-Server" <[EMAIL PROTECTED]>
> Sent: Wednesday, February 21, 2001 5:59 AM
> Subject: RE: encrypt values in text controls
>
>
> > rather than encrypt and decrypt, you can use CFusion_Encrypt() and
> > CFusion_Decrypt(). These are undocumented and not supported. The
> encrypted
> > string is twice the length of the original, and you won't have issues
with
> > quotes, hashes or spaces in the encrypted strings.
> >
> > -----Original Message-----
> > From: Consultant [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, 20 February 2001 11:23 PM
> > To: CF-Server
> > Subject: encrypt values in text controls
> >
> >
> > Hi all:
> >
> > I wonder if anybody use encryptions on text inputs ?
> > e.g <input type="text" value= #encrypt("12345", "mySecretKey")#>
> >
> > There is a problem with such approach, though, sometime the encrypted
> values
> > may contain one or more double/single quotes, which will cripple the
> entire
> > <input> control.
> > e.g <input type="text" value="xcr3'##$2'"'fddf"dfdsp2">
> >
> > ---By using URLEncodedFormat--
> > I tried to use URLEncodedFormat, however, once the value is passed to
the
> > action page, I have no way to url-Decode the encoded (and encrypted)
> value.
> >
> > Is there any way to ensure that the encrypted values are Safe to use
> (pass)
> > with the <input> control ?
> >
> > I'm sure there are lots of people out there use some sort of encryption
on
> > their hidden controls, Please share it with us :)
> >
> > Thanks in advance!
> >
> > FCF
> >
> >
> >
>
> --------------------------------------------------------------------------
> --
> > --
> > To unsubscribe, send a message to [EMAIL PROTECTED]
with
> > 'unsubscribe' in the body or visit the list page at
www.houseoffusion.com
> >
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
