IL PROTECTED]
> Sent: Thursday, July 10, 2003 9:03 AM
> To: CF-Talk
> Subject: Re: [cflogin] My Symptoms and my application.cfm code...
>
>
> on 7/10/03 10:53 AM, Raymond Camden at [EMAIL PROTECTED] wrote:
>
> > Then that is the root of your problem. You aren't lo
on 7/10/03 10:53 AM, Raymond Camden at [EMAIL PROTECTED] wrote:
> Then that is the root of your problem. You aren't logged out. You need
> to add some kind of logout function, something like
>
>
>
>
>
Aha...see, I even made a logout.cfm that had the following (I pasted this
time):
Now
on 7/10/03 10:51 AM, Thomas Chiverton at [EMAIL PROTECTED]
wrote:
> On Thursday 10 Jul 2003 15:40 pm, Jeff wrote:
>> I'm on win2k, running IIS, with devCFMX running. Whenever I try to test
>> pages that have cflogin code, I never "completely" log out. In other words,
>> whenever I output GetAuthUs
IL PROTECTED]
> Sent: Thursday, July 10, 2003 8:41 AM
> To: CF-Talk
> Subject: Re: [cflogin] My Symptoms and my application.cfm code...
>
>
> on 7/10/03 10:27 AM, Raymond Camden at [EMAIL PROTECTED] wrote:
>
> > Oh hey, I think I know what you may be seeing. Are you
On Thursday 10 Jul 2003 15:40 pm, Jeff wrote:
> I'm on win2k, running IIS, with devCFMX running. Whenever I try to test
> pages that have cflogin code, I never "completely" log out. In other words,
> whenever I output GetAuthUser() I return "JEFF-PC/Jeff".
That's IIS's integrated NT auth. then...
on 7/10/03 10:27 AM, Raymond Camden at [EMAIL PROTECTED] wrote:
> Oh hey, I think I know what you may be seeing. Are you already logged
> on? What do you see if you output getAuthuser()? Remember that the code
> INSIDE cflogin is only run if you are not logged in.
>
Okay, this brings me to somet
on 7/10/03 10:25 AM, Raymond Camden at [EMAIL PROTECTED] wrote:
>>
>>
>>
>>
>
> I assume you just typo'd above, but it should be cflocation
> url="login.cfm" - you were missing the first "
Yeah, I wasn't pasting, I was just typing from memory...but you know...you
made me go back and look
On Thursday 10 Jul 2003 15:21 pm, Jeff wrote:
>
>
>
Dump the value and see what it has, maybe it's being set to something funny?
I think you want a () in there too.
--
Thomas C
Advanced ColdFusion Programmer
PLEASE NOTE: When the Recipient Is Not Directly Observing This E-mail, It May
-Original Message-
> From: Jeff [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 10, 2003 8:22 AM
> To: CF-Talk
> Subject: Re: [cflogin] My Symptoms and my application.cfm code...
>
>
> on 7/10/03 10:11 AM, Raymond Camden at [EMAIL PROTECTED] wrote:
>
> >
>
>
>
>
I assume you just typo'd above, but it should be cflocation
url="login.cfm" - you were missing the first "
-ray
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.hou
on 7/10/03 10:11 AM, Raymond Camden at [EMAIL PROTECTED] wrote:
> I'd see Thomas' reply on storing the hashed version of the password.
> This is better than my method. As for the mechanics of the cookie, you
> can either store one cookie, and then simply say the first 50 chars are
> username, the
Yahoo IM : morpheus
"My ally is the Force, and a powerful ally it is." - Yoda
> -Original Message-
> From: Jeff [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 10, 2003 8:01 AM
> To: CF-Talk
> Subject: Re: [cflogin] My Symptoms and my application.cfm code...
Hi,
Raymond said:
>>
>>
> What is to stop me from editing my cookie and setting my ID to be
> someone else?
Actually on that subject, interesting articles on securityfocus.com about
Penetration Testing for Web Applications (or hacking web apps depending on
what color your hat is... )
http://
On Thursday 10 Jul 2003 14:57 pm, Raymond Camden wrote:
> It does, unless someone decrypts your cookie. Why not simply store both
> the username and password?
Store a hash of the password on the client.
Then if Evil Bob gets hold of the client machine, they can't retrieve the
original password.
on 7/10/03 9:57 AM, Raymond Camden at [EMAIL PROTECTED] wrote:
> It does, unless someone decrypts your cookie. Why not simply store both
> the username and password? Then the only risk is if someone hacks into
> the users computer, and THEN the only thing lost is ONE account.
> Currently if I decr
: morpheus
"My ally is the Force, and a powerful ally it is." - Yoda
> -Original Message-
> From: Jeff [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 10, 2003 7:54 AM
> To: CF-Talk
> Subject: Re: [cflogin] My Symptoms and my application.cfm code...
>
>
Haven't read your code, but if you use HTTP Analyzer
http://www.coolfusion.com/downloads/ or wget or telnet to see what is
actually happening.
Teach a man to fish ...
~ and you can sell him fishing equipment.
WG
-Original Message-
From: Jeff [mailto:[EMAIL PROTECTED]
However, whenever
on 7/10/03 9:51 AM, Raymond Camden at [EMAIL PROTECTED] wrote:
> Not related to your issue, but this:
>
>
>
>
> What is to stop me from editing my cookie and setting my ID to be
> someone else?
Yeah, I see that too. Before the end of the day I was gonna add a cfencrypt
to it. Wouldn't that
Not related to your issue, but this:
What is to stop me from editing my cookie and setting my ID to be
someone else?
===
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc
(www.mindseye.com)
Member of Team Mac