Can anyone suggest a way to hack a query that has �WHERE userid = �#CLIENT.userid#�� in CF 5 and/or MX? Another developer has an application that has sensitive customer information that is encrypted at the database level, but not at the ColdFusion level. I think this is not secure, but I want some evidence before I make an objection. Any suggestions would help.
Our client variables are contained in the Database, and the client IDs are sequential. If there is some way to externally hack and set the client variable, then a Hacker could get all customer info. Thanks, Ben ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
