In <[EMAIL PROTECTED]>, Jeff Fongemie
([EMAIL PROTECTED]) in a fit of unbridled passion, wrote:
>
> I'm just curious, do people here always encrypt their cfm templates? I often
> don't, but I'm beginning to think it might be a good idea to start
> encrypting form action scripts.
>
> Any logic, reasoning people use for when/when not to encrypt??

Barring any security holes on your web server, there is no real need to
encrypt your files. Encryption is usually used by folks who write
shrink-wrapped applications.

There was a while ago a bug on IIS that allowed incoming visitors to
actually download the source code of your CF apps, bypassing CF App
Server altogether. This has long been fixed, but I'm sure there's
another bug or two similar to this yet to be exploited. The point:
Beware coding sensitive data into your CF templates. Make sure your
security is tight. (Like, don't do something dumb and allow public FTP
read access to your CFML directories!). Make sure your server is up to
date. Blah blah.

HTH,
-R