That is exactly what I do as well. Btw, I have also used hash() for passing passwords and other validators. Of course, I always wonder if what I do is the most effective way, or is it even the only way. Thank you, Teddy.
> -----Original Message----- > From: Teddy Payne [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 28, 2006 10:05 AM > To: CF-Talk > Subject: Re: URL/FORM var Obfuscation techniques > > Yeah, for PK identifiers encrypt() works pretty well. I have not really > seen other ways to hide these as you pass them between files. > > URLEncodedFormat(Encrypt(string,key)) to > Decrypt(URLDecode(url.variable),key) > is pretty common when attemtping to hide them. > > If there are other ways, I would be curious to try soemthing new. > > Teddy > > On 9/28/06, Michael E. Carluen <[EMAIL PROTECTED]> wrote: > > > > To be quite honest, its nothing really too sensitive like index ID keys > > (ie: > > product ids, employee ids, order numbers, etc). Even so, there are > > already > > layers of access security built in that validates the user to the data. > > For > > more sensitive data, I use session vars. > > What I was thinking is that to discourage potential hacks to even > consider > > looking into the URL or hidden fields on the page source to figuring > > anything out. > > 'Hope that makes sense. Thanks Teddy. > > > > > > > > > > > > > > > -----Original Message----- > > > From: Teddy Payne [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, September 28, 2006 5:41 AM > > > To: CF-Talk > > > Subject: Re: URL/FORM var Obfuscation techniques > > > > > > The question here is what are you trying to hide in the URL or a > hidden > > > form > > > field? > > > > > > Teddy > > > > > > On 9/27/06, Michael E. Carluen <[EMAIL PROTECTED]> wrote: > > > > > > > > Besides encrypt/decrypt and URLencodedformat/URLdecode, are there > are > > > > other > > > > techniques out there to obfuscate URL variables. I just wanted to > > know > > > if > > > > there are other ways to make it even more difficult for hacks to > > figure > > > > out > > > > passed URL or even hidden FORM vars. Thanks in advance. > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254675 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
