> I'd lock stuff down on the server side and if someone wants to monkey around
> with the URLs, let them.

That being said, I have a little tag that I use internally to keep users from monkeying around with URLs. It is far from being bulletproof but it will keep the folks at work from mucking around with URL vars.

http://cozz.pastebin.com/Ks4VrVLv

I just stick <cf_blockURL> and it will block people from changing the URL.

For something facing the public I would be inclined to use something like Portcullis or some other security-based framework.

http://portcullis.riaforge.org/

HTH

G!

On Aug 17, 6:12 pm, Matthew Woodward <[email protected]> wrote:
> On Tue, Aug 17, 2010 at 1:58 PM, Jason King <[email protected]> wrote:
> > Any input is good. I haven't done it yet, and haven't been convinced to do
> > it yet, but it's something I'm wondering about. My security layer already
> > prevents anything bad from happening, but I was wondering if it would be
> > worth doing just in case. Plus it would make things appear more secure and
> > protected.
>
> I've personally never been a fan of security through obscurity and/or the
> appearance of security merely for the sake of appearances. If it were me, Worrying about encrypting/obfuscating URLs adds a
> lot of unnecessary effort on the application side for no real benefit IMO.
>
> --
> Matthew Woodward
> [email protected]
> http://blog.mattwoodward.com
> identi.ca / Twitter: @mpwoodward
>
> Please do not send me proprietary file formats such as Word, PowerPoint,
> etc. as attachments.
> http://www.gnu.org/philosophy/no-word-attachments.html

--
Open BlueDragon Public Mailing List
http://www.openbluedragon.org/ http://twitter.com/OpenBlueDragon
official manual: http://www.openbluedragon.org/manual/
Ready2Run CFML http://www.openbluedragon.org/openbdjam/
mailing list - http://groups.google.com/group/openbd?hl=en
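
The two positions in this thread (detect edited URL variables, and lock things down on the server side regardless) can be seen side by side in the following added example, which is not part of the original messages and is not the contents of the cf_blockURL tag or the pastebin link. It is written in Python rather than CFML, and every name in it (`SECRET`, `RECORD_OWNER`, `sign_query`, `verify_query`, `handle_request`) is a constructed assumption.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qsl, urlencode

# Assumption: a secret that never leaves the server (constructed value).
SECRET = b"constructed-demo-key"

# Constructed ownership table: record id -> user allowed to read it.
RECORD_OWNER = {"41": "alice", "42": "bob"}


def _tag(canonical: str) -> str:
    return hmac.new(SECRET, canonical.encode(), hashlib.sha256).hexdigest()


def sign_query(params: dict) -> str:
    """Build a query string carrying an HMAC-SHA256 tag over the sorted parameters."""
    canonical = urlencode(sorted(params.items()))
    return f"{canonical}&sig={_tag(canonical)}"


def verify_query(query: str) -> Optional[dict]:
    """Return the parameters if the tag matches, or None if the URL was altered."""
    pairs = parse_qsl(query, keep_blank_values=True)
    sigs = [v for k, v in pairs if k == "sig"]
    params = [(k, v) for k, v in pairs if k != "sig"]
    if len(sigs) != 1:
        return None  # missing or duplicated signature
    expected = _tag(urlencode(sorted(params)))
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(sigs[0].encode(), expected.encode()):
        return None
    return dict(params)


def handle_request(user: str, query: str) -> str:
    """Tamper check first, then the authorization check that protects the data."""
    params = verify_query(query)
    if params is None:
        return "400 tampered URL"
    # A valid signature only proves the server issued this URL to someone.
    # Whether *this* user may see the record is decided here, server-side.
    if RECORD_OWNER.get(params.get("id")) != user:
        return "403 forbidden"
    return f"200 record {params['id']}"
```

A link signed for record 42 and passed on to another user still verifies, so only the ownership check in `handle_request` keeps that user out.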
