Hello All,

CFTOKEN and CFID, according to Macromedia's own admission and our own internal testing, are not secure enough for web applications where credit card data and money are involved. Go to a site like Amazon and notice the session IDs they use are not a wimpy numeric string; they use a long alpha-numeric string. CFToken and CFID are so easy to break it is amazing. First of all, most of your administrators will be the lower-numbered CFIDs due to the nature of how they are handed out; that leaves only the cftoken for security purposes, and it being a numeric value only is less than secure.

Don't leave yourself open to hacking; avoid relying on CFToken and CFID to track secure sessions.

Cheers,
Mike Randolph
AbleCommerce, CEO

P.S. We respect our clients' data and have never relied on CFTOKEN and CFID; our testing showed them to be way too insecure. That's the AbleCommerce difference... We think, we test, we don't just copy, hack, sell and hope.
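An added example, not part of the original post: a small Python audit that a site owner can run over a sample of the session identifiers their own application issued, in issue order, to flag the two weaknesses the message describes (IDs handed out in sequence, and digit-only tokens with a small search space). The sample values are constructed, the 8-digit length of the token sample is an assumption, and the 64-bit threshold follows OWASP's session management guidance.

```python
import math
import secrets
import string

# Constructed samples, listed in the order they were issued (assumed values).
CFID_LIKE = ["1041", "1042", "1044", "1045"]
CFTOKEN_LIKE = ["48213907", "10395522", "77640018"]

def new_session_id():
    """Identifier from the OS CSPRNG: 32 random bytes, URL-safe text."""
    return secrets.token_urlsafe(32)

def charset_size(samples):
    """Size of the smallest standard alphabet covering every character seen."""
    chars = set("".join(samples))
    size = 0
    for group, n in ((string.digits, 10), (string.ascii_lowercase, 26),
                     (string.ascii_uppercase, 26)):
        if chars & set(group):
            size += n
    return size + len(chars - set(string.ascii_letters + string.digits))

def max_entropy_bits(samples):
    """Upper bound only: shortest length * log2(alphabet size).
    A predictable generator yields far less than this bound."""
    return min(len(s) for s in samples) * math.log2(charset_size(samples))

def is_sequential(samples, max_step=10):
    """True when numeric IDs rise by small steps from one issue to the next."""
    if not all(s.isdigit() for s in samples):
        return False
    nums = [int(s) for s in samples]
    return all(0 < b - a <= max_step for a, b in zip(nums, nums[1:]))

def audit(name, samples, min_bits=64):
    """Summarise one identifier field; 'acceptable' needs both checks to pass."""
    bits = max_entropy_bits(samples)
    seq = is_sequential(samples)
    return {"name": name, "max_bits": round(bits, 1), "sequential": seq,
            "acceptable": bits >= min_bits and not seq}

if __name__ == "__main__":
    fields = (("CFID-like", CFID_LIKE), ("CFTOKEN-like", CFTOKEN_LIKE),
              ("CSPRNG", [new_session_id() for _ in range(3)]))
    for name, samples in fields:
        print(audit(name, samples))
```

Passing the audit is necessary rather than sufficient: the bit count assumes every character is chosen uniformly at random, so the generator itself still has to be a CSPRNG.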

