Is this the bug where security credentials/roles are "cached" if session storage is used?
-----Original Message-----
From: Raymond Camden [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 7 December 2004 10:26
To: CF-Talk
Subject: Re: CFLOGIN

Well, let me back up a bit.

1) The fact that CFLOGIN uses a cookie and NOT the session scope isn't a bug. It's just weird. To "tie" it, you have to write custom code. Go to my blog and do a search for cflogin.

2) The security issue with CFLOGIN/Session HAS been posted to Macromedia.... I'm mostly sure about it... but I don't believe a formal bug exists in their system yet. I was working w/ Sarge on that and I'll have to bug him about that. I -can- say his blog does mention the bug in great detail.

This is not what he says, but my opinion - do not use CFLOGIN/Session. Period. When it comes to security, you cannot be too anal. If you do use CFLOGIN/Cookie, be sure to remember that it is not tied by default to the session scope.

