Good point.

Do you have any clues as to how one might duplicate those session variables over to the next server?

---mark

--------------------------------------------------------------
Mark Warrick
Phone: (714) 547-5386
Efax.com Fax: (801) 730-7289
Personal Email: [EMAIL PROTECTED]
Personal URL: http://www.warrick.net 
Business Email: [EMAIL PROTECTED]
Business URL: http://www.fusioneers.com
ICQ: 346566
--------------------------------------------------------------


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 20, 2000 4:13 PM
> To: CF-Talk
> Subject: RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]
> 
> 
> Session variables are nice, just remember that once you go to multiple
> servers to scale, you may have issues unless you use "sticky
> servers/sessions" because as the user hops servers, the variables may/not be
> on the machine they hop to.
> 
> --Doug
> 
> -----Original Message-----
> From: Mark Warrick [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 20, 2000 3:06 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]
> 
> 
> Just to reiterate - you should never pass variables that identify a certain
> user through forms or URLs.  If you do, you leave your system open for other
> people to copy those params and screw with other people's records.
> 
> Use session variables.  You can store the session variables in the registry
> or in a database if you're worried about people not having cookies turned
> on, but I really wouldn't worry about the cookie-fearing types and the
> browsers that don't accept cookies.  (God, do those browsers still exist?)
> 
> ---mark
> ------------------------------------------------------------------------------
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
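
An added example, not part of the original thread: one way to keep session variables available when a user hops servers, as the messages above discuss, is to store them in a database every server shares and give the browser only a random token in a cookie. The SQLite in-memory database, the `sessions` table, the `AppServer` class and the 30-minute timeout are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3
import time

SESSION_TTL = 1800  # assumed idle timeout, in seconds

def open_store(path=":memory:"):
    """Open the shared session database (SQLite stands in for the real one)."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS sessions ("
               "token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, "
               "expires REAL NOT NULL)")
    return db

def _h(token):
    # Store only a hash so a leaked table does not yield usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

class AppServer:
    """One server in the farm; it keeps no session state in local memory."""
    def __init__(self, db):
        self.db = db

    def login(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable; sent as a cookie
        self.db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
                        (_h(token), user_id, now + SESSION_TTL))
        self.db.commit()
        return token

    def current_user(self, token, now=None):
        """Resolve the cookie to a user id; never trust an id from the URL."""
        now = time.time() if now is None else now
        row = self.db.execute(
            "SELECT user_id FROM sessions WHERE token_hash = ? AND expires > ?",
            (_h(token), now)).fetchone()
        return row[0] if row else None

def demo():
    db = open_store()
    web1, web2 = AppServer(db), AppServer(db)  # two servers, one shared store
    token = web1.login(user_id=42, now=1000.0)  # constructed sample values
    return (web2.current_user(token, now=1001.0),  # other server still sees it
            web2.current_user("42", now=1001.0),   # a guessed value resolves to nobody
            web2.current_user(token, now=1000.0 + SESSION_TTL + 1))  # expired

if __name__ == "__main__":
    print(demo())
```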
