on 7/10/03 10:11 AM, Raymond Camden at [EMAIL PROTECTED] wrote:

> I'd see Thomas' reply on storing the hashed version of the password.
> This is better than my method. As for the mechanics of the cookie, you
> can either store one cookie, and then simply say the first 50 chars are
> username, the rest password, or use two passwords. I like to be anal, so
> if I am storing a sensitive piece of info, I won't use an obvious cookie
> name. You can also do stuff like:
> 
> Take username, pad it to 50 characters, add hashed password, reverse
> the entire string. Etc.
> 
> It won't stop the determined hacker, but it will stop a script kiddie
> most likely.
> 

Well, I added everything youse guys have said so far, and I'm sure it will
work, but I still don't get redirected to my login page when I try to access
my admin directory with not a cookie in sight, and not coming from the login
form. I'm sticking little flag variables in places that look suspicious and
I'm trying to redirect that way.

Even odder, in the top of each page template (I know I know, it could go in
the application.cfm, but not all pages need to be protected) I put a couple
of lines of code that read:

<cfif GetAuthUser() EQ "">
    <cflocation url="login.cfm">
</cfif>

So at the very least, when I try to access ".../admin/" and my default doc
is 'index.cfm' and I've got that little line of code in, and I clear all my
cookies, I should AT LEAST be going to the login page just from that little
bit of code there...

<belushi>"but noooooooo..."</belushi>
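
An added example, not from the original thread: the single-cookie layout described in the quoted message (username padded to 50 characters, then the password hash, the whole string reversed), together with the server-side parse and check. SHA-256 and the names `build_cookie`, `parse_cookie` and `validate_cookie` are assumptions; parsing needs no key, so the padding and reversal are encoding rather than protection.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

USER_WIDTH = 50  # fixed username field width from the quoted message


def hash_password(password: str) -> str:
    # Assumption: SHA-256 hex digest; the thread does not name an algorithm.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_cookie(username: str, password_hash: str) -> str:
    """Pad the username to 50 chars, append the hash, reverse everything."""
    if len(username) > USER_WIDTH:
        raise ValueError("username longer than the fixed field")
    if username != username.rstrip(" "):
        raise ValueError("trailing spaces would be lost to padding")
    return (username.ljust(USER_WIDTH) + password_hash)[::-1]


def parse_cookie(value: str) -> Tuple[str, str]:
    """Undo the reversal and split at the fixed offset; no secret is needed."""
    plain = value[::-1]
    if len(plain) <= USER_WIDTH:
        raise ValueError("cookie too short to hold both fields")
    return plain[:USER_WIDTH].rstrip(" "), plain[USER_WIDTH:]


def validate_cookie(value: str, stored: Dict[str, str]) -> Optional[str]:
    """Return the username if the cookie matches the stored hash, else None."""
    try:
        username, presented = parse_cookie(value)
    except ValueError:
        return None
    expected = stored.get(username)
    if expected is None:
        return None
    # Constant-time comparison so the check does not leak matching prefixes.
    same = hmac.compare_digest(presented.encode("utf-8"), expected.encode("utf-8"))
    return username if same else None


# Constructed sample account, for illustration only.
STORED = {"admin_demo": hash_password("constructed-sample-password")}
```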
