The fuseactions are simply switches and are irrelevant to obvious security measures 
that should be taken regardless of the development platform or coding methodology.  If 
the application is poorly written, it won't matter whether it's in the fusebox style 
or not.

---mark

--------------------------------------------------------------
Mark Warrick
Phone: (714) 547-5386
Efax.com Fax: (801) 730-7289
Personal Email: [EMAIL PROTECTED]
Personal URL: http://www.warrick.net 
Business Email: [EMAIL PROTECTED]
Business URL: http://www.fusioneers.com
ICQ: 346566
--------------------------------------------------------------


> -----Original Message-----
> From: Evan Lavidor [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 19, 2000 7:15 PM
> To: [EMAIL PROTECTED]
> Subject: [CF-Talk] RE: Ben Forta, I call on thee (was: What is Fusebox)
> -- Reply to Dave Watts.
> 
> 
> From Dave Watts' message:
> > a) using Fusebox
> > 1. index.cfm?fuseaction=left_nav
> > 2. index.cfm?fuseaction=main
> > 3. index.cfm?fuseaction=cmd_frame
> > 4. index.cfm?fuseaction=data_frame
> > 5. index.cfm?fuseaction=socket_frame
> 
> A question I've had about Fusebox and security/stability.  In some
> enterprise sites I've dealt with I've found it a good practice not to pass
> variables along the URL if possible.  It becomes very easy for someone to
> "break" the app by altering URLs - something they actually have access to,
> as opposed to FORM variables, (or session & client vars, etc.).  If
> fuseactions are passed through the URL, doesn't this lead to the same
> "instability"?
> 
> Evan
> 
> ------------------------------------------------------------------------------
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk
> or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
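
An added illustration of the exchange above, not code from either poster or from the Fusebox project: a Fusebox-style index.cfm in which the URL's fuseaction only selects among fixed switch cases, unknown values are rejected, and access is checked on the server. The dsp_*.cfm template names, the protectedActions policy, and session.isLoggedIn are assumptions (session management is assumed to be enabled in Application.cfm).

```cfml
<!--- index.cfm: added illustration, not code from the thread. --->
<!--- Template names (dsp_*.cfm) and session.isLoggedIn are hypothetical. --->

<!--- A missing fuseaction falls back to a known default instead of erroring. --->
<cfparam name="url.fuseaction" default="main">

<!--- Fuseactions that require an authenticated session (assumed policy). --->
<cfset protectedActions = "cmd_frame,data_frame,socket_frame">

<!--- The check runs on the server for every request, so editing the URL
      cannot skip it. --->
<cfif ListFindNoCase(protectedActions, url.fuseaction)
      AND NOT (IsDefined("session.isLoggedIn") AND session.isLoggedIn)>
  <cfheader statuscode="403" statustext="Forbidden">
  <cfabort>
</cfif>

<!--- The switch maps fixed, known values to fixed templates. The URL value
      is only compared against the case values, never used to build a path. --->
<cfswitch expression="#url.fuseaction#">
  <cfcase value="left_nav">
    <cfinclude template="dsp_left_nav.cfm">
  </cfcase>
  <cfcase value="main">
    <cfinclude template="dsp_main.cfm">
  </cfcase>
  <cfcase value="cmd_frame">
    <cfinclude template="dsp_cmd_frame.cfm">
  </cfcase>
  <cfcase value="data_frame">
    <cfinclude template="dsp_data_frame.cfm">
  </cfcase>
  <cfcase value="socket_frame">
    <cfinclude template="dsp_socket_frame.cfm">
  </cfcase>
  <!--- Any altered or unknown fuseaction ends here with a plain 404. --->
  <cfdefaultcase>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
  </cfdefaultcase>
</cfswitch>
```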
