Here is a link: http://www.sargeway.com/sarge/index.cfm?mode=entry&entry=21

On Tue, 7 Dec 2004 08:34:47 -0600, Raymond Camden <[EMAIL PROTECTED]> wrote:
> That should be it, yes.
>
> On Tue, 7 Dec 2004 22:34:23 +0800, James Holmes
> <[EMAIL PROTECTED]> wrote:
> > Is this the bug where security credentials/roles are "cached" if session
> > storage is used?
> >
> > -----Original Message-----
> > From: Raymond Camden [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, 7 December 2004 10:26
> > To: CF-Talk
> > Subject: Re: CFLOGIN
> >
> > Well, let me back up a bit.
> >
> > 1) The fact that CFLOGIN uses a cookie and NOT the session scope isn't a
> > bug. It's just weird. To "tie" it, you have to write custom code. Go to my
> > blog and do a search for cflogin.
> >
> > 2) The security issue with CFLOGIN/Session HAS been posted to Macromedia....
> > I'm mostly sure about it... but I don't believe a formal bug exists in their
> > system yet. I was working w/ Sarge on that and I'll have to bug him about
> > that. I -can- say his blog does mention the bug in great detail.
> >
> > This is not what he says, but my opinion - do not use CFLOGIN/Session.
> > Period. When it comes to security, you cannot be too anal. If you do use
> > CFLOGIN/Cookie, be sure to remember that it is not tied by default to the
> > session scope.

