It has just hit me that AJAX may not be all that safe.

One could derive all that is being passed in an AJAX request by using view 
source and nabbing any included JS files.  Once you had that info you could 
then figure out what's being sent in the request (i.e. variable names etc.).

So in the case of an AJAX call that perhaps sends form contents to be inserted 
into the DB....what's to stop someone from reverse engineering your AJAX call 
and start inserting their own data??

I'm not readily seeing in the AJAX code where the domain is specified (my guess 
is programmatically) as there is no domain setting....just which CFC/CFM file to 
call.

I'm still working out the kinks....I love the possibilities of CFAJAX.....but 
this security issue (if it really is one) has me a bit spooked ;-)

TIA

Cheers

Bryan Stevenson B.Comm.
VP & Director of E-Commerce Development
Electric Edge Systems Group Inc.
phone: 250.480.0642
fax: 250.480.1264
cell: 250.920.8830
e-mail: [EMAIL PROTECTED]
web: www.electricedgesystems.com
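The concern in the post above is the general one: any request a browser can send, a person with the page source can also send by hand, so the server-side handler that receives the AJAX call has to be written as if every request were hostile. The following is an added example (not part of the original post, and not CFAJAX or CFML code) showing the checks a defender puts in the receiving endpoint regardless of what the client-side JavaScript does: a valid session, a per-session token the client must echo back, a strict whitelist of field names and formats, and a parameterised insert. Python, sqlite3 and the request/session shapes are assumptions made for the example; the requests and session store are constructed inline.

```python
import hmac
import re
import secrets
import sqlite3

# Constructed in-memory session store: session id -> session data (assumption).
SESSIONS = {}


def new_session(user="alice"):
    """Create a session with its own random token that the form must echo back."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"csrf": secrets.token_hex(16), "user": user}
    return sid


# Whitelist of accepted field names and the format each must satisfy.
# Anything not listed here is rejected, however the client was coded.
ALLOWED_FIELDS = {
    "name": re.compile(r"[A-Za-z .'-]{1,60}"),
    "email": re.compile(r"[^@\s]{1,64}@[^@\s]{1,255}"),
    "comment": re.compile(r"[^\x00-\x08\x0b\x0c\x0e-\x1f]{0,1000}"),
}


def handle_insert(request, db):
    """Server-side handler for the 'insert form contents' call.

    request is a dict with 'cookies', 'headers' and 'form' (assumed shape).
    Returns (http_status, message). Nothing here trusts the client: the same
    checks run whether the request came from the page's JS or a hand-built one.
    """
    session = SESSIONS.get(request.get("cookies", {}).get("session"))
    if session is None:
        return 401, "no valid session"

    # Token bound to the session: a forged request from another site, or one
    # built without loading the page, will not carry it.
    token = request.get("headers", {}).get("X-CSRF-Token", "")
    if not hmac.compare_digest(token, session["csrf"]):
        return 403, "csrf token mismatch"

    form = request.get("form", {})
    if set(form) - set(ALLOWED_FIELDS):
        return 400, "unexpected field"
    for name, pattern in ALLOWED_FIELDS.items():
        value = form.get(name, "")
        if not isinstance(value, str) or not pattern.fullmatch(value):
            return 400, "invalid %s" % name

    # Bound parameters: the submitted strings never become part of the SQL text.
    db.execute(
        "INSERT INTO comments (user, name, email, comment) VALUES (?, ?, ?, ?)",
        (session["user"], form.get("name", ""), form.get("email", ""),
         form.get("comment", "")),
    )
    return 200, "ok"


def demo():
    """Run one legitimate request and three forged ones through the handler."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (user TEXT, name TEXT, email TEXT, comment TEXT)")
    sid = new_session()
    fields = {"name": "Bryan", "email": "bryan@example.com", "comment": "hello"}

    good = {"cookies": {"session": sid},
            "headers": {"X-CSRF-Token": SESSIONS[sid]["csrf"]}, "form": fields}
    # Constructed forgeries: built from the JS source, but without what only
    # a logged-in browser that loaded the page would have.
    no_session = {"cookies": {}, "headers": {}, "form": fields}
    no_token = {"cookies": {"session": sid}, "headers": {}, "form": fields}
    extra_field = {"cookies": {"session": sid},
                   "headers": {"X-CSRF-Token": SESSIONS[sid]["csrf"]},
                   "form": dict(fields, is_admin="1")}

    statuses = [handle_insert(r, db)[0]
                for r in (good, no_session, no_token, extra_field)]
    rows = db.execute("SELECT COUNT(*) FROM comments").fetchone()[0]
    return statuses, rows


if __name__ == "__main__":
    print(demo())  # ([200, 401, 403, 400], 1)
```

The point of the design is that the variable names and endpoint visible in the page source buy an attacker nothing on their own: the session cookie, the per-session token and the field whitelist are all enforced on the server, so knowing how the call is shaped does not let a forged request insert anything the handler would not accept from the real form.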
