> you use the Coldfusion encrypt function, you just transmitted > all your data in CLEAR TEXT over the internet to the server > where the data will be encrypted, encrypting your data with > CF encrypt function should only be used AFTER you have > transmitted your data, SECURELY, over the internet.
Correct, that is why you would purchase and install an SSL certificate on your web server. That secures the connection between the client and the server so it's not sent as "clear text" over the network. Then you would encrypt the data before storing it somewhere. > question, how is security done on the client prior to > transmission, is JavaScript the main way? I will use an > SSL certificate, but I also want to further encrypt the Frankly, that's what SSL is for. In all my years of development I have never been in a situation where SSL wasn't "good enough" to secure the data going between the browser and the server. Many of the ecommerce gateways run by payment processors just have you send a plain-text XML package over an HTTPS connection these days. What kind of information are you so anxious about protecting? -Justin Scott ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade to ColdFusion 8 and integrate with Adobe Flex http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286832 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
