Hi,
I am currently trying to develop a secure application using Fusebox and
wondered if anyone can see any security problems with the following idea.
User logs in using a secure connection; on successful login the user's IP is
logged using CGI.REFERER and then the user is allocated a unique session
number (details stored in database). Each link throughout the site passes
back to the server the session number which then compares the IP of the
requesting client to the IP of the user who logged in originally and was
allocated this session number.
I am sure there are lots of ways to achieve the same goal; I just wondered
if there are any holes in this design.
Thanks
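
A minimal model of the check described in the post, added here as an example (it is not the poster's code and not Fusebox code), run over four constructed requests. Assumptions: a dict stands in for the database table, the addresses are documentation-range samples, the 15-minute idle timeout is invented, and the client address is the one the server sees (in ColdFusion, `CGI.REMOTE_ADDR`).

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds; assumed value, the post gives none


class SessionStore:
    """In-memory stand-in for the database table the post mentions."""

    def __init__(self):
        self._rows = {}  # session number -> {"user", "ip", "last_seen"}

    def login(self, user, client_ip, now=None):
        """Call only after a successful login over the secure connection."""
        token = secrets.token_urlsafe(32)  # unguessable, not a counter
        seen = time.time() if now is None else now
        self._rows[token] = {"user": user, "ip": client_ip, "last_seen": seen}
        return token

    def check(self, token, client_ip, now=None):
        """Return (user, reason); user is None when the request is rejected."""
        now = time.time() if now is None else now
        row = self._rows.get(token)
        if row is None:
            return None, "unknown session"
        if now - row["last_seen"] > IDLE_TIMEOUT:
            del self._rows[token]  # stale numbers must not stay valid
            return None, "expired"
        if row["ip"] != client_ip:
            return None, "ip mismatch"
        row["last_seen"] = now
        return row["user"], "ok"


def demo():
    """Constructed requests against one session issued to 203.0.113.10."""
    store = SessionStore()
    token = store.login("alice", "203.0.113.10", now=0)
    return {
        "same_ip": store.check(token, "203.0.113.10", now=60),
        "other_ip": store.check(token, "198.51.100.7", now=120),
        # A different client behind the same NAT or proxy address.
        "shared_nat": store.check(token, "203.0.113.10", now=180),
        "idle": store.check(token, "203.0.113.10", now=180 + IDLE_TIMEOUT + 1),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The `shared_nat` case shows the limit of the IP comparison: any client that presents the same session number from the same NAT or proxy address is accepted, while a legitimate user whose address changes mid-session is rejected.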