Paranoid much, Alan?
NAT
-----Original Message-----
From: McCollough, Alan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 06, 2000 9:18 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Stumped on the "new" FB
I dunno, I think that as a quickie solution, cryptic names works fine,
especially if you roll 'em over on a regular basis. You know, if you really
wanted to be a sneak, it IS conceivable to develop a scheme where the name
of the fuseaction is derived from the current date, or even the current
time. Yeah, heh, if they aren't logging in at a time when the hour plus the
minutes equals 29, toss 'em out!
I've actually had an idea for a public-private key fuseaction concept.
You have a db that has two fields, one is a GUID (an ugly-long hex number),
and the other is a plain text field for your fuseactions.
In your template, you replace all plain-text fuseactions with the GUIDs.
You have a separate CF template that serves as the "keymaster", who will on
a scheduled basis, regenerate new GUIDs, and do a global find-n-replace to
change out the old GUIDs with the new GUIDs in both your CF templates and
the DB.
As the admin, you would lock down the DB so that only you had access to the
plain-text names for the fuseactions.
This might not accomplish a whole lot for security; it was just a concept...
Alan McCollough
Web Programmer
Allaire Certified ColdFusion Developer
Alaska Native Medical Center
> -----Original Message-----
> From: BOROVOY Noam [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, September 06, 2000 8:15 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: Stumped on the "new" FB
>
> And just when it seemed we started thinking alike... ;-)
> Security based on obscurity won't last for long - one user peeking over
> your shoulder, or looking through your history, or sniffing on the net, or
> looking into the web server log...
> Don't just use cryptic names - check to see who the remote user is (NT
> Login, Remote IP address, Password authentication - whatever you fancy)
>
> Noam
> ----------
> From: McCollough, Alan [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, 06 September 2000 18:00
> To: '[EMAIL PROTECTED]'
> Subject: RE: Stumped on the "new" FB
>
> Well, ya dont LiTeRaLlY tell 'em to "GET LOST". You can do a CFLOCATE to
> lose 'em, or some such other thing...
>
> Of course, you could (should) mask your really cool admin fuseactions with
> cryptic names, and create other "admin" fuseactions to get the
> troublemakers.
>
> <CFCASE value="admin">
> <CFINCLUDE TEMPLATE="dsp_dont_you_wish_you_loser.cfm">
> </CFCASE>
>
> Yeah, heh heh, stuff like that...
>
> Alan McCollough
> Web Programmer
> Allaire Certified ColdFusion Developer
> Alaska Native Medical Center
>
> > -----Original Message-----
> > From: Marc Funaro [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 06, 2000 7:51 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Stumped on the "new" FB
> >
> > I concur on that! An accidental "get lost" message because YOU messed up
> > is likely to hinder site traffic a bit... (giant WINK)
> >
> > Marc
> >
> > -----Original Message-----
> > From: Stephen Moretti (IVL Onsite) [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 06, 2000 11:40 AM
> > To: fusebox
> > Subject: Re: Stumped on the "new" FB
> >
> >
> > Alan,
> >
> > > Wow. deja-vu! I just typed the same concept out. Must be something about
> > > fusebox folks thinking along parallel lines...
> > >
> >
> >
> > What is it that they say???
> >
> > Great minds think alike, but fools never differ.....
> >
> > ;o)
> >
> > BTW - Rather than telling your lovely users to "GET LOST" you could direct
> > them back to the home page. ;o)
> >
> > Regards
> >
> > Stephen
> >
> >
> > --------------------------------------------------------------------------
> > To Unsubscribe visit
> > http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> > send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> > the body.
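
The check Noam describes above (decide by who the remote user is, not by how cryptic the fuseaction name is), shown as an added example that is not part of the original thread or of Fusebox itself. It assumes session management is enabled and that a login template sets `session.userRole` after password authentication; the role names, template names and log file name are hypothetical.

```cfml
<!--- index.cfm: Fusebox-style dispatcher that authorizes every fuseaction.
      Assumed (not from the thread): session.userRole, the dsp_*.cfm template
      names and the "fusebox_denied" log file. --->
<cfparam name="url.fuseaction" default="home">

<!--- Map each fuseaction to the roles allowed to run it. The admin action
      keeps a readable name: access depends on the role check, not the name. --->
<cfset allowedRoles = StructNew()>
<cfset allowedRoles["viewReport"] = "user,admin">
<cfset allowedRoles["admin"] = "admin">

<!--- Who is the remote user? Visitors who have not logged in are anonymous. --->
<cfif IsDefined("session.userRole")>
  <cfset role = session.userRole>
<cfelse>
  <cfset role = "anonymous">
</cfif>

<!--- "home" is public. Anything else must be a known fuseaction AND the
      caller's role must be on its list; otherwise log it and redirect home.
      cflocation stops processing of the current page. --->
<cfif url.fuseaction NEQ "home"
      AND (NOT StructKeyExists(allowedRoles, url.fuseaction)
           OR NOT ListFindNoCase(allowedRoles[url.fuseaction], role))>
  <!--- URLEncodedFormat keeps line breaks in the request out of the log. --->
  <cflog file="fusebox_denied" type="warning"
         text="Denied fuseaction #URLEncodedFormat(url.fuseaction)# for role #role# from #cgi.remote_addr#">
  <cflocation url="index.cfm?fuseaction=home" addtoken="no">
</cfif>

<!--- Only requests that passed the check reach the switch. --->
<cfswitch expression="#url.fuseaction#">
  <cfcase value="home">
    <cfinclude template="dsp_home.cfm">
  </cfcase>
  <cfcase value="viewReport">
    <cfinclude template="dsp_report.cfm">
  </cfcase>
  <cfcase value="admin">
    <cfinclude template="dsp_admin.cfm">
  </cfcase>
</cfswitch>
```

With this in place a fuseaction name that leaks through browser history or the web server log grants nothing by itself, and the denied-request log records who tried it.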