That should be it, yes.
On Tue, 7 Dec 2004 22:34:23 +0800, James Holmes <[EMAIL PROTECTED]> wrote:
> Is this the bug where security credentials/roles are "cached" if session
> storage is used?
>
> -----Original Message-----
> From: Raymond Camden [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 7 December 2004 10:26
> To: CF-Talk
> Subject: Re: CFLOGIN
>
> Well, let me back up a bit.
>
> 1) The fact that CFLOGIN uses a cookie and NOT the session scope isn't a
> bug. It's just weird. To "tie" it, you have to write custom code. Go to my
> blog and do a search for cflogin.
>
> 2) The security issue with CFLOGIN/Session HAS been posted to Macromedia....
> I'm mostly sure about it... but I don't believe a formal bug exists in their
> system yet. I was working w/ Sarge on that and I'll have to bug him about
> that. I -can- say his blog does mention the bug in great detail.
>
> This is not what he says, but my opinion - do not use CFLOGIN/Session.
> Period. When it comes to security, you cannot be too anal. If you do use
> CFLOGIN/Cookie, be sure to remember that it is not tied by default to the
> session scope.

