>
> So what is the best way to pass a variable between 2 pages?
>
> Using SSL, encrypting/decrypting a session variable (or CFID
> CFTOKEN)?
If you're worried about third parties being able to view HTTP requests and
responses between the client and server, use SSL. I can't see why you'd
want to encrypt and decrypt session variables, since they're stored in
server memory. If you're concerned that the client might be able to see
values that you send to it, you might encrypt and decrypt values received
from the browser, although I don't think that's especially useful. In
general, if something is sensitive enough that it shouldn't be sent to the
client, don't send it to the client.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
