> -----Original Message-----
> From: Eric Roberts [mailto:[EMAIL PROTECTED]
> Sent: Sunday, March 04, 2007 7:00 PM
> To: CF-Talk
> Subject: RE: Why does IE s*(k... let me count the ways.
>
> How is that? It at least has a level of obscurity. You would have to know
> that form vars are there in the first place to know what to grab...and then
> you would have to know the field names to address them. With a URL...it's
> all right there for the world to see. While it may not be Fort Knox level
> of security...it's better than absolutely nothing at all.

Traditional wisdom is that security through obscurity isn't security. The idea that "well, at least it'll catch the casual thieves" may have some "feel good" merit, but in the real world it's real thieves that should really concern you.

But to address your concern: even the simplest debugger or http sniffer will show you all the information. The various "Web Developer" extensions available free for the major browsers all do this (some even let you modify the information before it's sent on to the server).

In the end any measure that gives a false sense of security without actually improving security is WORSE than nothing at all.

Jim Davis

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:271463

