Client variables will be as secure as your CFID:CFTOKEN is. That's where
your spoofing will occur.
Alan McCollough
Web Programmer
Allaire Certified ColdFusion Developer
Alaska Native Medical Center
> -----Original Message-----
> From: Josh [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, October 06, 2000 2:46 PM
> To: Fusebox
> Subject: Faking client variables
>
> Does anyone know offhand how secure client variables are? I'm assuming
> that as long as CF is set to store them in the registry or a database,
> they are basically secure from faking.
> Can anyone think of a scenario where a web user could fake some client
> variables other than CFID and CFTOKEN(and of course, how the rascals would
> do so), to obtain access to something
> secured with client vars?
>
> Josh Diehl
>
> --------------------------------------------------------------------------
> ----
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
