Hey,
Thanks for the recommendation Lee. You know it wouldn't be nearly as
useful if you hadn't added the check sum to it. If you have any questions
in the use of the functions. Please let me know. I am also talk to another
developer who is using the UDFs in production currently and seeing if we
can't take it to the next level. We may change this to a cfx tag eventually
to harden the encryption some. I hope it helps. I know I use it on my
site, and if I didn't have the code that built the urls or the key I
wouldn't be able to do anything with them.
Tim Heald
ACP/CCFD
Application Development
www.schoollink.net
-----Original Message-----
From: BORKMAN Lee [mailto:[EMAIL PROTECTED]]
Sent: Sunday, May 05, 2002 8:54 PM
To: CF-Talk
Subject: RE: Fusebox and URL protection
An interesting approach is to pass a completely encrypted URL string. Have
a look at Tim Heald's URL encryption functions here:
http://loathe.mine.nu/
The problem with adding a simple checksum is that a dedicated hacker only
needs to figure out the checksum algorithm. Encrypting the entire URL makes
that job much harder.
Have fun,
LeeBB
-----Original Message-----
From: Michael Tangorre [mailto:[EMAIL PROTECTED]]
hey everyone.
what is the best way to make sure noone tampers with the URL and the
parameters in the url?
I am using fusebox 2, and need to find a solution to the above problem if it
is appropriate.
Thanks,
Mike
IMPORTANT NOTICE:
This e-mail and any attachment to it is intended only to be read or used by
the named addressee. It is confidential and may contain legally privileged
information. No confidentiality or privilege is waived or lost by any
mistaken transmission to you. If you receive this e-mail in error, please
immediately delete it from your system and notify the sender. You must not
disclose, copy or use any part of this e-mail if you are not the intended
recipient. The RTA is not responsible for any unauthorised alterations to
this e-mail or attachment to it.
______________________________________________________________________
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
