> rom what I have heard and from what I know.... passing the > pair is a big no > no, its a real security risk. You should never (unless > forced) pass them > via the URL.....hidden form fields maybe, but not the URL...
Really - why so? Because someone can change the CFTOKEN and get someone elses vars? You can actually change it so that CFTOKEN uses a UUID, which is what we do on our servers. You can do this in pre-CFMX by changing a setting in the registry. -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
