From some of the comments, it looks like instead of having the security
"document" it might be better to have it in a format of questions and
answers - FAQ type and in HTML.
So to help me get this going please do send your security questions/problems
and even better also your way of solving the problem (algorithm / code
snippet / ...) - as with the previous document all contributions will
receive a brand new shiny Ferrari F-20 (or at least a mention of your name
on the FAQ ;-).
Thanks,
Noam
----------
From: BOROVOY Noam [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, 11 July 2000 16:15
To: [EMAIL PROTECTED]
Subject: RE: <cf_secure>(IE5 password autofillin)
I've started a security document which also describes the different
authentication methods of IIS and how to use them with CF.
It's an early draft, so all comments for improvement are welcome.
You can download it from:
http://www.aebco.com/CF/CF_Security.doc
If you need the Word viewer, see http://www.aebco.com/main.htm for a
link to download it.
Regards,
Noam
----------
From: Marc Gadsdon [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, 11 July 2000 15:49
To: [EMAIL PROTECTED]
Subject: RE: <cf_secure>(IE5 password autofillin)
One can use IIS challenge response using NT authentication, and/or other
forms of challenge response (i.e. htaccess for Unix and NT) which will throw
a dialogue generated from the browser when the user tries to enter a
protected area of the site.
Although I'm a bit sketchy I believe the NT method only works with IE (but
you get to take advantage of NT User permissions etc) whereas htaccess works
cross browser (?).
With IIS you initiate by altering the security permissions within the
properties for your site in IIS. With htaccess it's a file based thing (as
I'm sketchy on htaccess I did a search and came up with this at the top of
the list http://www.technotrade.com/htaccess/)
HTH
Marc
-----Original Message-----
From: Joseph Higgins [mailto:[EMAIL PROTECTED]]
Sent: 10 July 2000 15:59
To: [EMAIL PROTECTED]
Subject: Re: <cf_secure>(IE5 password autofillin)
How do you initiate an HTTP challenge using cold fusion?
Max Paperno wrote:
> At 7/9/2000 03:26 PM +0100, Marc Gadsdon wrote:
>
> >>but obviously with sensitive admin passwords etc, that's when you choose
> >not to save the password, when IE asks you...
> >
> >It only takes a quick click and you've stored the password...again it's out
> >of our control and up to user doing the right thing. The only thing we can
> >control is autocomplete="no".
>
> Actually if you don't call your form fields "username" and "password" then
> IE won't try to store the password (at least from my experience). This is
> if we're talking about a Web-based login form, of course, not a HTTP-based
> challenge.
>
> Cheers,
> -Max
>
> ------------------------------------------------------------------------------
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
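Added example, not part of the original thread or of any poster's code: a small Python model of the HTTP Basic challenge that Marc describes the web server issuing, showing the 401 and WWW-Authenticate response that makes the browser raise its own dialogue, and the Authorization header the browser sends back. The realm, path prefix, user table and function names are constructed for illustration.

```python
import base64
import hmac

# Constructed sample values (assumptions, not taken from the thread).
REALM = "Admin area"
PROTECTED_PREFIX = "/admin/"
USERS = {"alice": "correct horse"}


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # malformed Base64 or invalid UTF-8
        return None
    # Split on the first colon only, so passwords may contain colons.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def handle(path, headers):
    """Return (status, response_headers) as a Basic-protected server would."""
    if not path.startswith(PROTECTED_PREFIX):
        return 200, {}
    creds = parse_basic(headers.get("Authorization"))
    if creds:
        expected = USERS.get(creds[0], "")
        # Constant-time comparison; unknown users are compared against "".
        ok = hmac.compare_digest(creds[1].encode(), expected.encode())
        if ok and creds[0] in USERS:
            return 200, {}
    # The 401 plus WWW-Authenticate is what triggers the browser's own dialogue.
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}


def browser_retry(user, password):
    """The header a browser sends after the user fills in the dialogue."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    return {"Authorization": "Basic " + token}
```

Basic credentials are only Base64-encoded, so this exchange needs TLS to keep them confidential on the wire.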