Hi,

Raymond said:
>> <cfelseif isDefined("COOKIE.LogInID")>
>> <!--- Else the cookie WAS found, so we'll step in here
>>  and take the cookie's LoginID value to log in --->

> What is to stop me from editing my cookie and setting my ID to be
> someone else?

Actually on that subject, interesting articles on securityfocus.com about
Penetration Testing for Web Applications (or hacking web apps depending on
what color your hat is...)

http://www.securityfocus.com/infocus/1704

WG
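
An added example, not part of the original thread: the cookie-editing problem raised above goes away when the server signs the login cookie and checks the signature before trusting the ID. It is sketched in Python rather than CFML so it runs stand-alone; the key, the cookie layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo key; a real deployment loads a random secret from
# server-side configuration and never sends it to the browser.
SECRET_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE = 3600  # seconds a login cookie stays valid (assumed policy)


def _sign(payload: str) -> bytes:
    """HMAC-SHA256 over the payload, hex-encoded."""
    digest = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256)
    return digest.hexdigest().encode()


def naive_login(cookie_value: str) -> str:
    """Pattern from the quoted snippet: whatever ID the cookie holds is trusted."""
    return cookie_value


def issue_cookie(login_id: int, now: Optional[int] = None) -> str:
    """Return 'id.expiry.signature'; the signature covers both id and expiry."""
    now = int(time.time()) if now is None else now
    payload = f"{login_id}.{now + MAX_AGE}"
    return f"{payload}.{_sign(payload).decode()}"


def verify_cookie(cookie_value: str, now: Optional[int] = None) -> Optional[int]:
    """Return the login ID only for an unmodified, unexpired cookie."""
    now = int(time.time()) if now is None else now
    parts = cookie_value.split(".")
    if len(parts) != 3:
        return None  # bare ID or malformed value: reject
    login_id, expiry, sig = parts
    # Constant-time comparison; any edit to id or expiry changes the HMAC.
    if not hmac.compare_digest(_sign(f"{login_id}.{expiry}"), sig.encode()):
        return None
    # Past this point the payload is known to be one the server issued.
    if int(expiry) < now:
        return None
    return int(login_id)
```
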
