How would you do this on a Solaris install?

Ken Wilson wrote:
> You just have to create it. Works great.
>
> Ken
>
> -----Original Message-----
> From: Douglas Brown [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 04, 2001 9:51 PM
> To: CF-Talk
> Subject: Re: CFToken and CFID not secure for ecommerce
>
> Well you were able to modify the registry in CF 4.5.1 and use the uuidToken
> which would be alphanumeric and identical in structure to a regular uuid. I
> looked in the registry for 5.0 and can no longer find the correct key.
>
> Doug
>
> ----- Original Message -----
> From: "Ken Wilson" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Tuesday, December 04, 2001 6:39 PM
> Subject: RE: CFToken and CFID not secure for ecommerce
>
> > Yeah, probably wasn't fair to use that example without explaining the
> > background. Are you aware of any drawbacks to using this rather than the
> > default method? Seems like it should be set up that way by default or at
> > least should be configurable via the CFAdmin given the ease of guessing
> > the other method.
> >
> > Ken
> >
> > -----Original Message-----
> > From: Dave Watts [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, December 04, 2001 9:27 PM
> > To: CF-Talk
> > Subject: RE: CFToken and CFID not secure for ecommerce
> >
> > > Hmmm, interesting comment.
> > >
> > > What I assume to be my SessionID from my current Amazon.com
> > > sessions:
> > >
> > > IE Session: 104-8981534-3506318
> > > NS6 Session: 102-5233334-0108134
> > >
> > > CFTOKENs for my current sessions on my CF Server:
> > >
> > > IE Session: 3c154df-3b8b20b0-54b8-4cfa-8ebb-be0b2ac13e32
> > > NS6 Session: 3e97129-07682ed4-cd01-435a-959c-b70a06ebcb07
> > >
> > > My CFToken changes completely with each new session I create.
> > > Which seems more secure?
> >
> > By default, CFTOKEN values aren't UUIDs. You have to enable that by
> > editing the Registry. Unfortunately, this functionality isn't very well
> > known - to the best of my knowledge, it was mentioned in one set of
> > 4.5.something-or-other release notes, and that's it.
> >
> > To use UUIDs as CFTOKEN values, you have to create the registry key:
> >
> > HKEY_LOCAL_MACHINE\Software\Allaire\ColdFusion\CurrentVersion\Clients\UuidToken
> >
> > and give it the value "1".
> >
> > Oddly enough, I'm covering this briefly in the "Securing ColdFusion
> > Servers on Windows" class, which is why it was fresh on my mind, I guess.
> >
> > Dave Watts, CTO, Fig Leaf Software
> > http://www.figleaf.com/
> > voice: (202) 797-5496
> > fax: (202) 797-5444
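An added example, not part of the original thread and not ColdFusion's own code: a small check to run against the cookies a server issues after the UuidToken change, to confirm that CFTOKEN now has the UUID shape quoted above. It assumes the non-UUID default is a short decimal number; the CFID values, the numeric token and the 64-bit threshold are constructed for illustration.

```python
import math
import re

# Shape of the UUID-style CFTOKEN values quoted in the thread: a short hex
# prefix, a dash, then an 8-4-4-4-12 hex UUID.
UUID_TOKEN = re.compile(
    r"^[0-9a-f]{1,8}-([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$",
    re.IGNORECASE,
)
# Assumption: with UuidToken unset, CFTOKEN is a short decimal number.
NUMERIC_TOKEN = re.compile(r"^\d{1,10}$")
MIN_BITS = 64  # assumed policy threshold, not a ColdFusion setting


def classify_cftoken(value):
    """Return (kind, max_bits): the most bits the token's format can carry."""
    value = value.strip()
    m = UUID_TOKEN.match(value)
    if m:
        hex_digits = len(m.group(1).replace("-", ""))
        return "uuid", hex_digits * 4.0
    if NUMERIC_TOKEN.match(value):
        return "numeric", len(value) * math.log2(10)
    return "unknown", 0.0


def audit_cookie_header(header):
    """Parse a Cookie/Set-Cookie header value and report on its CFTOKEN, if any."""
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name.upper() == "CFTOKEN":
            kind, bits = classify_cftoken(value)
            return {"kind": kind, "max_bits": round(bits, 1), "weak": bits < MIN_BITS}
    return None


if __name__ == "__main__":
    samples = [
        # CFTOKEN quoted in the thread; CFID constructed
        "CFID=1201; CFTOKEN=3c154df-3b8b20b0-54b8-4cfa-8ebb-be0b2ac13e32",
        # constructed numeric token
        "CFID=1202; CFTOKEN=48317562; path=/",
    ]
    for s in samples:
        print(audit_cookie_header(s))
```

The `max_bits` figure is only an upper bound implied by the token's format; how unpredictable the value really is depends on how the server generates it.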

