I don't even like giving the user browser controls, which is why I tend to
pop my apps in a new window with no controls (back, forward and so on).  Why?
I have business rules that I want them to have to follow.  I want them to
follow a specific process for accessing and entering information.


Also, as the proponent of team-based development, you should know that not
everyone meets the same standards.  I know that if I require my developers
to encrypt URLs, then even if they forget something else, like checking a
role, it will get caught, because the user cannot randomly access different
parts of the application.


Someone earlier said it was useless to limit SQL execution in the
administrator. Well, what if your DBA or DBD forgot to only give specific
grants?  I know we're talking about duplication of effort to a certain
extent; however, I think that you end up making your application more secure.
Like I said I only want to give the user the choices I provide them with, no
more, no less.

--
Timothy Heald
Web Portfolio Manager
Overseas Security Advisory Council
U.S. Department of State
571.345.2319

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-----Original Message-----
From: Steve Nelson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 3:58 PM
To: CF-Talk
Subject: RE: RE: RE: Securing CF Apps.

In what way does a bookmark make an application less secure? Wouldn't you
consider it a good idea to bookmark an application if it means the user uses
the application more? If a bookmark allows a person to access a secure
section, it should ask them for their credentials, if valid, it should let
them access it. If the bookmark allows them to bypass the security, then the
application isn't secure.

Steve Nelson
  -----Original Message-----
  From: Adrocknaphobia [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, March 23, 2004 3:43 PM
  To: CF-Talk
  Subject: Re: RE: RE: Securing CF Apps.

  You do realize we are talking about applications and not websites. There
is a big difference, and I've never once found it a good idea for a user to
bookmark a part of an application.

  -adam