So if I think this out logically, the ONLY way to ensure absolute security is if the 
user has their cookies turned on.

I guess that's the trade off - you keep your best customers secure while losing the 
occasional few that don't have cookies.

I guess you could do a cookie check to find out whether their cookies are enabled, and 
if not, direct them to a set of "less secure" templates that do the variable passing 
through URLs and Form variables.

No big deal.  I still recall the days I had to create multiple versions of sites for 
the various browsers.

--------------------------------------------------------------
Mark Warrick
Phone: (714) 547-5386
Efax.com Fax: (801) 730-7289
Personal Email: [EMAIL PROTECTED]
Personal URL: http://www.warrick.net 
Business Email: [EMAIL PROTECTED]
Business URL: http://www.fusioneers.com
ICQ: 346566
--------------------------------------------------------------


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 20, 2000 4:42 PM
> To: CF-Talk
> Subject: RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]
> 
> 
> > But as someone else on the list pointed out, I think I may have
> > misstated that session variables require cookies.  That person
> > (forgot the name) said that session variables are stored in the
> > server's RAM anyway, so it shouldn't matter if they have their
> > cookies turned on or not.
> 
> Regardless of where session variables are stored (they're in server RAM),
> session variable management requires that either cookies be enabled, or you
> pass the session token in the URL (or hidden form variables) on each page
> request. If your shopping cart (or whatever) is depending on session
> variables, and you aren't passing the token around (it's admittedly a PIA),
> then you're losing customers. Hard to quantify how many, but you will lose
> some.
> 
> -Ron
> 
> 
> ------------------------------------------------------------------
> ------------
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit 
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf
_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the 
body.
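
The cookie check with a URL-token fallback discussed in this thread, sketched as an added example (not code from either poster or from ColdFusion itself). The host, cookie and parameter names are hypothetical, and the sketch goes one step beyond the thread by keeping the token off links that point to other sites.

```python
import secrets
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SITE_HOST = "shop.example"   # constructed host name
PROBE = "cookietest"         # hypothetical probe cookie / query marker name
TOKEN = "sid"                # hypothetical session token name

def set_param(url, key, value=None):
    """Return url with key set to value in the query string; None removes key."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query) if k != key]
    if value is not None:
        query.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(query)))

def probe(url, cookies):
    """Return (mode, redirect_to, cookies_to_set); mode: probing, cookie or url."""
    query = dict(parse_qsl(urlsplit(url).query))
    if TOKEN in cookies:          # established cookie session (a real server
        return "cookie", None, {}  # would also validate the token it received)
    if TOKEN in query:            # established URL-token session
        return "url", None, {}
    if PROBE not in query:
        # Step 1: set a test cookie and bounce the browser back with a marker.
        return "probing", set_param(url, PROBE, "1"), {PROBE: "1"}
    clean = set_param(url, PROBE)
    token = secrets.token_urlsafe(32)
    if cookies.get(PROBE) == "1":
        # Step 2a: the cookie came back, so the token never appears in a URL.
        return "cookie", clean, {TOKEN: token}
    # Step 2b: no cookie support; fall back to carrying the token in the URL.
    return "url", set_param(clean, TOKEN, token), {}

def rewrite_link(href, token):
    """URL mode only: add the token to same-site links, never to off-site ones."""
    host = urlsplit(href).netloc
    if host and host != SITE_HOST:
        return href
    return set_param(href, TOKEN, token)
```
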
