I prefer "plain text" emails myself so apoligies at my reluctance to
assist in the dessimination of virri, rogue scripts, annoying pop-ups,
etc.

I've been a major ColdFusion user now for 8 years. Starting since it was
delivered either on floppy disks or small enough downloads to fit on a
floppy disk to the uber monger 80+Mb download CFMAX has become today.

Security is VERY important in this day of Intranets/Extranets/Internet
sites that feature - especially - the ability to add/edit/delete
content. 8 years later I'm reluctant to deal with anyones credit card
details via CF. CF is not the problem for me however - just the nature
of the Internet.

I recently attended the inugural MXDU 2003 conference in Sydney and one
of the keynotes dealt with "logon" security.

To cut a long story short - if you want to truly secure your login
scripts you must use some form of encryption. SSL (Secure Sockets Layer)
in tandem with your own encryption would be a good start. Rembember that
for example SQL Server doesn't offer a "password" field like MS Access.
Together with an encryption key and SSL you can offer a secure
environment over the Internet - at least so long as you enforce strict
password rules.

Good Luck (wish me luck to in my implementation).

PT
Coldgen (www.coldgen.com)



---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]

MX Downunder AsiaPac DevCon - http://mxdu.com/

Reply via email to