Yeah, he probably is, now if he really wanted to do it right he would treat
the following link as his programming bible.

http://www.mindprod.com/unmain.html

Fred T. Sanders
Charlottesville, VA
-------------------------------------------
That's not bad code.
I'm trying to confuse would-be hackers.

----- Original Message -----
From: "Nat Papovich" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 08, 2000 1:24 PM
Subject: RE: Stumped on the "new" FB


> Paranoid much, Alan?
>
> NAT
>
> -----Original Message-----
> From: McCollough, Alan [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 06, 2000 9:18 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: Stumped on the "new" FB
>
>
> I dunno, I think that as a quickie solution, cryptic names work fine,
> especially if you roll 'em over on a regular basis. You know, if you really
> wanted to be a sneak, it IS conceivable to develop a scheme where the name
> of the fuseaction is derived from the current date, or even the current
> time. Yeah, heh, if they aren't logging in at a time when the hour plus the
> minutes equals 29, toss 'em out!
>
>
> I've actually had an idea for a public-private key fuseaction concept.
>
> You have a db that has two fields, one is a GUID (an ugly-long hex number),
> and the other is a plain text field for your fuseactions.
> In your template, you replace all plain-text fuseactions with the GUIDs.
> You have a separate CF template that serves as the "keymaster", who will on
> a scheduled basis, regenerate new GUIDs, and do a global find-n-replace to
> change out the old GUIDs with the new GUIDs in both your CF templates and
> the DB.
>
> As the admin, you would lock down the DB so that only you had access to the
> plain-text names for the fuseactions.
>
> This might not accomplish a whole lot for security; it was just a concept...
>
> Alan McCollough
> Web Programmer
> Allaire Certified ColdFusion Developer
> Alaska Native Medical Center
>
> > -----Original Message-----
> > From: BOROVOY Noam [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 06, 2000 8:15 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: Stumped on the "new" FB
> >
> > And just when it seemed we started thinking alike... ;-)
> > Security based on obscurity won't last for long - one user peeking over
> > your shoulder, or looking through your history, or sniffing on the net, or
> > looking into the web server log...
> > Don't just use cryptic names - check to see who the remote user is (NT
> > Login, Remote IP address, Password authentication - whatever you fancy)
> >
> > Noam
> > ----------
> > From:  McCollough, Alan [SMTP:[EMAIL PROTECTED]]
> > Sent:  Wednesday, 06 September 2000 18:00
> > To:  '[EMAIL PROTECTED]'
> > Subject:  RE: Stumped on the "new" FB
> >
> > Well, ya don't LiTeRaLlY tell 'em to "GET LOST". You can do a CFLOCATE to
> > lose 'em, or some such other thing...
> >
> > Of course, you could (should) mask your really cool admin fuseactions with
> > cryptic names, and create other "admin" fuseactions to get the
> > troublemakers.
> >
> > <CFCASE value="admin">
> > <CFINCLUDE TEMPLATE="dsp_dont_you_wish_you_loser.cfm">
> > </CFCASE>
> >
> > Yeah, heh heh, stuff like that...
> >
> > Alan McCollough
> > Web Programmer
> > Allaire Certified ColdFusion Developer
> > Alaska Native Medical Center
> >
> > > -----Original Message-----
> > > From: Marc Funaro [SMTP:[EMAIL PROTECTED]]
> > > Sent: Wednesday, September 06, 2000 7:51 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: Stumped on the "new" FB
> > >
> > > I concur on that!  An accidental "get lost" message because YOU messed up
> > > is likely to hinder site traffic a bit...  (giant WINK)
> > >
> > > Marc
> > >
> > > -----Original Message-----
> > > From: Stephen Moretti (IVL Onsite) [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, September 06, 2000 11:40 AM
> > > To: fusebox
> > > Subject: Re: Stumped on the "new" FB
> > >
> > >
> > > Alan,
> > >
> > > > Wow. deja-vu! I just typed the same concept out. Must be something about
> > > > fusebox folks thinking along parallel lines...
> > > >
> > >
> > >
> > > What is it that they say???
> > >
> > > Great minds think alike, but fools never differ.....
> > >
> > > ;o)
> > >
> > > BTW - Rather than telling your lovely users to "GET LOST" you could direct
> > > them back to the home page. ;o)
> > >
> > > Regards
> > >
> > > Stephen
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > To Unsubscribe visit
> > > http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> > > send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

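Added example, not part of the original thread: Noam's point above, checking who the remote user is instead of relying on cryptic names, written as a Fusebox-style dispatcher in CFML. The application name, `session.userRole`, the fuseaction names and the placeholder page text are assumptions made for illustration.

```cfml
<!--- Added example, not from the thread. The application name, session.userRole,
      the fuseaction names and the placeholder page text are all assumed. --->
<cfapplication name="fuseboxDemo" sessionmanagement="yes">
<cfparam name="url.fuseaction" default="home">

<!--- Fuseactions reserved for administrators. The names are plain and readable:
      nothing depends on them staying secret. --->
<cfset adminActions = "editUsers,purgeOrders">

<!--- session.userRole is assumed to be set by a login page after a successful
      password check; it is held on the server, so the client cannot edit it. --->
<cfset isAdmin = isDefined("session.userRole") and session.userRole is "admin">

<cfif listFindNoCase(adminActions, url.fuseaction) and not isAdmin>
    <!--- The value matched an entry in adminActions, so it is one of our own
          names and safe to write to the log. CFLOCATION then ends the request
          and sends the visitor to the home page. --->
    <cflog file="fuseaction_denied" type="warning"
           text="Denied #url.fuseaction# from #cgi.remote_addr#">
    <cflocation url="index.cfm?fuseaction=home" addtoken="no">
</cfif>

<cfswitch expression="#url.fuseaction#">
    <cfcase value="editUsers">
        <!--- Only reached when isAdmin is true --->
        <cfoutput>User administration (placeholder page)</cfoutput>
    </cfcase>
    <cfcase value="purgeOrders">
        <!--- Only reached when isAdmin is true --->
        <cfoutput>Order purge (placeholder page)</cfoutput>
    </cfcase>
    <cfdefaultcase>
        <!--- "home" and any unknown fuseaction render the same page, so the
              response does not reveal which names exist. --->
        <cfoutput>Home page (placeholder page)</cfoutput>
    </cfdefaultcase>
</cfswitch>
```

A name seen over a shoulder, in browser history or in the web server log gives no access here, because the decision rests on the server-side session rather than on the fuseaction string.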