on 7/10/03 9:57 AM, Raymond Camden at [EMAIL PROTECTED] wrote: > It does, unless someone decrypts your cookie. Why not simply store both > the username and password? THen the only risk is if someone hacks into > the users computer, and THEN the only thing loss is ONE account. > Currently if I decrypt your cookie I can become any account if I guess > the ID.
As a comma seperated list? Or would you just set a "COOKIE.un" and a "COOKIE.pw". Also, does anything else in the logic look fishy? It smells okay to me, but I might just be looking at it too darn much and not seeing what's right in front of me... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
