Here's another of the old notes that didn't make it...

 

 

From: Charlie Arehart [mailto:careh...@carehart.org] 
Sent: Wednesday, February 18, 2009 12:11 AM
To: 'discussion@acfug.org'
Subject: how did cfid/cftoken get exposed? RE: [ACFUG Discuss] CF
Applications hosted on third party webserver/hosting services

 

Allen, thanks. It was indeed pretty odd to see Shawn sharing a URL from my
site that looked like that. I don't have any place I know that exposes the
CFID/CFTOKEN.  I don't have any page doing a CFLOCATION with AddToken="yes"
(I never add that). Anyone know how else it may pop up? As for session
hijacking, that's not really a worry, though. I really have no session-based
stuff on the site for regular users.

 

/charlie

 

From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of
axunderw...@ups.com
Sent: Tuesday, February 17, 2009 2:37 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] CF Applications hosted on third party
webserver/hosting services

 

That's awesome - I wonder if someone can hijack your session?!  Charlie, how
secure is your site?!  =)

 


From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of shawn gorrell
Sent: Tuesday, February 17, 2009 2:29 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] CF Applications hosted on third party
webserver/hosting services

For anyone that needs tool advice, I'd recommend bookmarking this link to
Charlie's site. 

http://www.carehart.org/cf411/?CFID=155996&CFTOKEN=14df06d00161ffbb-85B4F706-90BC-5757-5CD21E2BC185306B
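An added example, not part of the original thread: a Python sketch for the situation discussed above, where a URL carrying CFID/CFTOKEN gets passed around. It strips the two parameters from a link before sharing and scans access-log lines for a CFID/CFTOKEN pair used from more than one client IP. The function names, the log layout and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SESSION_PARAMS = {"cfid", "cftoken"}  # ColdFusion session identifiers, matched case-insensitively

def strip_session_params(url):
    """Return the URL with CFID/CFTOKEN removed, so it can be shared safely."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in SESSION_PARAMS]
    return urlunsplit(parts._replace(query=urlencode(kept)))

# Assumed log layout: client IP first, request line in double quotes.
LOG_LINE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def shared_sessions(log_lines):
    """Map (CFID, CFTOKEN) -> sorted client IPs, for pairs seen from more than one IP."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that do not look like a request
        q = {k.lower(): v for k, v in parse_qsl(urlsplit(m["target"]).query)}
        if "cfid" in q and "cftoken" in q:
            seen[(q["cfid"], q["cftoken"])].add(m["ip"])
    return {pair: sorted(ips) for pair, ips in seen.items() if len(ips) > 1}

# Constructed sample: documentation-range IPs and made-up tokens.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Feb/2009:14:20:01 -0500] "GET /tools/?CFID=1001&CFTOKEN=aaaa1111 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Feb/2009:14:31:44 -0500] "GET /tools/?cfid=1001&cftoken=aaaa1111 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [17/Feb/2009:14:35:02 -0500] "GET /tools/?CFID=2002&CFTOKEN=bbbb2222 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [17/Feb/2009:14:36:10 -0500] "GET /tools/ HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for (cfid, token), ips in shared_sessions(SAMPLE_LOG).items():
        print(f"CFID={cfid} CFTOKEN={token} used from {ips}")
    print(strip_session_params("http://example.test/tools/?page=2&CFID=1001&CFTOKEN=aaaa1111"))
```

A pair seen from several IPs is a lead to review rather than proof of hijacking, since a single visitor can change address behind a proxy or mobile network.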



