What does that have to do with a site that is online? That's a pretty bad excuse, in my opinion, to just leave it wide open to the world...the information you give management should suffice. If they don't trust what you have to say, what's the point in having you as an employee...they did hire you for your expertise. That would be like setting up a wireless network and not using WEP to start out with and just leaving it open because your WPA-PSK server isn't set up yet.
My main issue is that it creates ugly URLs. You ever try and paste one of those in an email? Most of them wrap the text and that doesn't get included in the link the email program produces. An attractive site is part of the game we play here...URLs included. Obscurity is a small bit of security in that it does keep the honest folks honest. Even people that know what they are doing would at least have to take some action to find the values. Putting it all in the URL is doing their job for them. I wouldn't transfer bank accounts or credit cards with just this alone...I definitely wouldn't do it, even encrypted, in a URL at any time.

Eric

-----Original Message-----
From: Jim Davis [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 04, 2007 6:52 PM
To: CF-Talk
Subject: RE: Why does IE s*(k... let me count the ways.

> -----Original Message-----
> From: Eric Roberts [mailto:[EMAIL PROTECTED]
> Sent: Sunday, March 04, 2007 7:38 PM
> To: CF-Talk
> Subject: RE: Why does IE s*(k... let me count the ways.
>
> So that is better than none at all how?

No security is better than the illusion of security when none exists in almost every case.

When you have the illusion of security it's more difficult to get funding for real security. It's more difficult to convince management that there's a problem.

Maybe I'm just grumpy because I had to spend a good chunk of last week trying to convince a group of middle-managers that their system wasn't secure. All they included was URL referrer checking - and they felt (very strongly it turns out) that the measure was "good enough" to protect social security data and HIPAA-covered information.

When you have no security and no "obfuscation" for non-technical folks to confuse with security it's much easier to get funding and convince people that there's a need to address.

At least that's been my experience.

Jim Davis

