I had made a small oversight, and not set up the newer version of this UDF for download. I have done that now, and I will be rewriting the demo app to show how to use the check sum also.
Tim Heald ACP/CCFD Application Development www.schoollink.net -----Original Message----- From: Tim Heald [mailto:[EMAIL PROTECTED]] Sent: Sunday, May 05, 2002 9:37 PM To: CF-Talk Subject: RE: Fusebox and URL protection Hey, Thanks for the recommendation Lee. You know it wouldn't be nearly as useful if you hadn't added the check sum to it. If you have any questions in the use of the functions. Please let me know. I am also talk to another developer who is using the UDFs in production currently and seeing if we can't take it to the next level. We may change this to a cfx tag eventually to harden the encryption some. I hope it helps. I know I use it on my site, and if I didn't have the code that built the urls or the key I wouldn't be able to do anything with them. Tim Heald ACP/CCFD Application Development www.schoollink.net -----Original Message----- From: BORKMAN Lee [mailto:[EMAIL PROTECTED]] Sent: Sunday, May 05, 2002 8:54 PM To: CF-Talk Subject: RE: Fusebox and URL protection An interesting approach is to pass a completely encrypted URL string. Have a look at Tim Heald's URL encryption functions here: http://loathe.mine.nu/ The problem with adding a simple checksum is that a dedicated hacker only needs to figure out the checksum algorithm. Encrypting the entire URL makes that job much harder. Have fun, LeeBB -----Original Message----- From: Michael Tangorre [mailto:[EMAIL PROTECTED]] hey everyone. what is the best way to make sure noone tampers with the URL and the parameters in the url? I am using fusebox 2, and need to find a solution to the above problem if it is appropriate. Thanks, Mike IMPORTANT NOTICE: This e-mail and any attachment to it is intended only to be read or used by the named addressee. It is confidential and may contain legally privileged information. No confidentiality or privilege is waived or lost by any mistaken transmission to you. If you receive this e-mail in error, please immediately delete it from your system and notify the sender. You must not disclose, copy or use any part of this e-mail if you are not the intended recipient. The RTA is not responsible for any unauthorised alterations to this e-mail or attachment to it. ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
