Hi,

Raymond said:
>> <cfelseif isDefined("COOKIE.LogInID")>
>> <!--- Else the cookie WAS found, so we'll step in here
>> and take the cookie's LoginID value to log in --->
> What is to stop me from editing my cookie and setting my ID to be
> someone else?

Actually on that subject, interesting articles on securityfocus.com about Penetration Testing for Web Applications (or hacking web apps depending on what color your hat is... )

http://www.securityfocus.com/infocus/1704

WG
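Added example, not part of the original thread or the poster's application: one way a server can detect the edited LoginID cookie Raymond asks about is to attach an HMAC tag computed with a server-only key. It is written in Python rather than CFML; the function names, the `<id>.<tag>` cookie layout and the sample IDs are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: a secret that exists only on the server (never sent to the browser).
SERVER_KEY = secrets.token_bytes(32)


def _tag(login_id: str, key: bytes) -> bytes:
    """Hex HMAC-SHA256 tag over the login ID."""
    return hmac.new(key, login_id.encode("utf-8"), hashlib.sha256).hexdigest().encode("ascii")


def issue_login_cookie(login_id: str, key: bytes = SERVER_KEY) -> str:
    """Build the cookie value '<login_id>.<tag>' at login time."""
    return f"{login_id}.{_tag(login_id, key).decode('ascii')}"


def verify_login_cookie(cookie_value: str, key: bytes = SERVER_KEY) -> Optional[str]:
    """Return the login ID only if the tag matches; otherwise None."""
    login_id, sep, tag = cookie_value.rpartition(".")
    if not sep or not login_id:
        # A bare ID with no tag (the format the quoted code trusts) is rejected.
        return None
    # compare_digest avoids leaking how many characters of the tag matched.
    if not hmac.compare_digest(_tag(login_id, key), tag.encode("utf-8")):
        return None
    return login_id


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    cookie = issue_login_cookie("1042")
    edited = "1" + cookie[cookie.index("."):]  # ID changed, old tag kept
    print("issued :", verify_login_cookie(cookie))   # accepted
    print("edited :", verify_login_cookie(edited))   # rejected
    print("bare ID:", verify_login_cookie("1042"))   # rejected
```

A correctly signed cookie can still be replayed if it is copied from the browser or the wire, so it needs an expiry and HTTPS-only transport like any other session token.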