Re: RE:

Fri, 08 Sep 2000 07:26:47 -0700 

Cookies are no more secure than URL params if you're worried about
"sniffing".  Both are sent to the web server as plain text.  The URL
parameters are in the GET or POST clause while the cookies are in a COOKIE
header.  In both cases, though, you can create a server side var which
includes the browser IP address if you want to make things more secure (so
that another browser would not be able to use hijack the session).

Regards,

Howie

----- Original Message -----
From: "Olive, Christopher M Mr NMR" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 08, 2000 9:35 AM
Subject: RE:


> right.
>
> i'll wrap my reply to you and mr hanlin into one response.
>
> the USUALLY rely on cookies.  as in, this is the default behaviour.  one
has
> to add code to get them to be passed in the URL.
>
> perhaps i'm paranoid, but i prefer the cookie method from a security
> standpoint.  it's too easy to sniff a URL and snatch someone's ID that
way.
> spoofing a session becomes as easy as writing to a text file.
>
> Chris Olive,
> DOEHRS Website Administrator
>
> -----Original Message-----
> From: JustinMacCarthy [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 08, 2000 9:14 AM
> To: [EMAIL PROTECTED]
> Subject: Re:
>
>
> Eh... no they don't , you can use CFID , CFTOKEN (UrlToken) in the URL
> instead......
>
> They CAN use cookies , but that is something different...
>
> ~Justin MacCarthy
>
> From: "Olive, Christopher M Mr NMR"
>
> > um...you do understand that client and session >variables rely on
cookies,
> > right?  specifically, CFID and CFTOKEN.
>
>
> --------------------------------------------------------------------------
--
> --
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
> --------------------------------------------------------------------------
----
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.

------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
  • RE: Olive, Christopher M Mr NMR
    • Howie Hamlin

Reply via email to