I didn't mean your comment was scary - I was referring to the article about how to steal sessions..
At 09:07 PM 9/24/2008, heath stein wrote: >Yes, that was not one of the smartest comments i >have ever posted, I was trying to come up with a >solution for getting around having to send >cookies through ssl to make them secure. But my >solution was not very thought out. > > > >Dave, > > That is one of the scariest things I ever read :) > > Heath - If I am reading this correctly, encrypting the cookie > >doesn't matter. They can just get your encrypted cookie and use it > >as is, they do not need to unencrypt it. > > > > > > > >>Thanks Dave, > >> > >>Do you think encrypting the cookie values would be acceptable way of > >>securing the session? > >> > >>Heath > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:313039 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
