> On Mon, 22 Jul 2002, S. Isaac Dealey wrote:
>>
>> I worked for a while at an education-management company (they manage
>> k-12 schools for people who own / operate them, but don't know what
>> they're doing :) where I found username and password (among other
>> things) in a dump of the session structure... ick... guess the
>> management company didn't really know what they were doing either. :)
>>
>> Isaac Dealey
>
> Username / id I can see. Password I never put in any scope. I'm curious, why username?

In this particular case it was a blunder -- the username wasn't ever used anywhere outside of the login, so there was no need to have it as a persistent variable... and I generally try to avoid using either of them anywhere outside of the login page just to keep code and security tidy. :)

Isaac Dealey
www.turnkey.to
954-776-0046

