The point is you have to jump through hoops to make cookies secure... Why not just have a best practice not to store stuff in cookies, and to use client variables instead, so that people not well versed in security can build more secure sites than they would otherwise?

-----Original Message-----
From: Ryan Guill [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 29, 2005 10:35 AM
To: CF-Talk
Subject: Re: pseudo-memory leak

You would still use a hashed password that you wouldn't be able to guess, plus you could also seed the userid before the hash. Or, like I said before, use a uuid for the userid. You wouldn't be guessing either one.

