> My issue with <cfquery> is that you are exposing your db design.
> It's a lot harder to hack a db if you don't know the table and
> column names.
huh?
> As for encrypting the fuseaction, the question is why not?
Because it's useless.
Let's think this through:
I have a fuseaction called "products.list"
It encrypts to "wafiawjfw"
I type in "wafiawjfw" in the url.
It lists the products.
Where's the security?
> Users can start throwing errors by trying different fuseaction calls.
> Which in turn could expose too much info if you don't have a site
> wide error handler.
Let me get this straight. I should waste time encrypting urls, and yet be stupid enough not to have an error handler.
Let's think this one through:
I type in "wiejfiawefijwf", which doesn't decrypt properly.
The site then throws an error, and since I don't have a site wide error handler, it exposes a whole bunch of information.
Where's the security?
The topic of this thread is securing cf apps.
> Although it may not be 100% necessary, it sure doesn't hurt.
It doesn't help either.