On Monday, July 14, 2003, at 01:19 AM, Sean A Corfield wrote:

> This is cool but what's to stop users from maliciously putting
> flushinit=true on the URL and repeatedly forcing your application to
> re-initialize? Just curious...

The same thing that prevents users from maliciously screwing with any query string or launching any type of DOS attack against any server: nothing.

The theory is that the general public wouldn't know that adding "flushinit=true" to your query string would reinitialize your app. If someone wants to use the tag but is concerned about security, it's easy to:

1. Change "flushinit" to something more obscure (which is what I have done in my applications that use it).
2. Require that the request come from a specific IP address.
3. Remove the functionality altogether.

Christian
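
Option 2 from the reply above, written out as an added example (not code from the original post or from the tag under discussion): an Application.cfm fragment that honors `flushinit` only from allowlisted addresses and, as a further assumption, enforces a minimum interval between forced reinitializations. The addresses, the 60-second interval, the `application.lastInit` variable and the `init_app.cfm` include are all hypothetical.

```cfml
<!--- Added example: gate the reinitialization flag (constructed values). --->
<cfparam name="url.flushinit" default="false">

<!--- Assumption: admin source addresses; replace with your own. --->
<cfset allowedAddrs = "127.0.0.1,192.0.2.10">
<!--- Assumption: minimum seconds between forced reinitializations. --->
<cfset minInterval = 60>

<cfset needInit = not structKeyExists(application, "lastInit")>
<cfset forceInit = false>

<cfif not needInit and isBoolean(url.flushinit) and url.flushinit>
    <cfif listFind(allowedAddrs, cgi.remote_addr) eq 0>
        <!--- Unknown source: ignore the flag, keep a trace for review. --->
        <cflog file="flushinit" type="warning"
               text="flushinit refused from #cgi.remote_addr#">
    <cfelseif dateDiff("s", application.lastInit, now()) lt minInterval>
        <!--- Allowed source, but too soon after the last initialization. --->
        <cflog file="flushinit" type="information"
               text="flushinit throttled from #cgi.remote_addr#">
    <cfelse>
        <cfset forceInit = true>
    </cfif>
</cfif>

<cfif needInit or forceInit>
    <cflock scope="application" type="exclusive" timeout="10">
        <!--- Re-check inside the lock so concurrent first requests
              initialize the application only once. --->
        <cfif forceInit or not structKeyExists(application, "lastInit")>
            <!--- Application setup goes here (hypothetical include). --->
            <cfinclude template="init_app.cfm">
            <cfset application.lastInit = now()>
        </cfif>
    </cflock>
</cfif>
```

Behind a reverse proxy or load balancer, `cgi.remote_addr` is the proxy's address, so the allowlist then has to be enforced at the proxy instead.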

