> Service Pack 2 for CF 4.5 was suppose to fix the indicated 'security > vulnerability', atleast thats what I read on a message board posting. > > Saul G Perez > BSC-Web Designs > E-mail: webmaster@bsc-designs.com > http://www.bsc-designs.com > > > -----Original Message----- > From: Consultant [mailto:consultant@secExpert.com] > Sent: Tuesday, February 20, 2001 8:00 PM > To: CF-Server > Subject: Re: encrypt values in text controls > > > I've heard that there are utilities on the Net which allow you to De-crypt > any CFM pages. I'm sure the encryption is not one way. > > :) > > > ----- Original Message ----- > From: "McCluskey, Phil" <pmccluskey@uecomm.com.au> > To: "CF-Server" <cf-server@houseoffusion.com> > Sent: Wednesday, February 21, 2001 10:05 AM > Subject: RE: encrypt values in text controls > > > > They may use those tags internally, I'm not sure; but the admin pages are > > encrypted with the standard executable included with CF. > > (CFUSION/BIN/cfencode.exe in NT) You can also use Studio to encrypt your > > pages (using the same executable) when you are uploading them. That kind > of > > page encryption is theoretically one-way, so it can't be (legitimately) > > decoded. > > > > -----Original Message----- > > From: Consultant [mailto:consultant@secExpert.com] > > Sent: Wednesday, 21 February 2001 12:23 PM > > To: CF-Server > > Subject: Re: encrypt values in text controls > > > > > > Thanks Phil, It worked!!!! > > > > By the way, is this the tag the Allaire people used for their CF Admin > > Pages? ;) > > > > ----- Original Message ----- > > From: "McCluskey, Phil" <pmccluskey@uecomm.com.au> > > To: "CF-Server" <cf-server@houseoffusion.com> > > Sent: Wednesday, February 21, 2001 5:59 AM > > Subject: RE: encrypt values in text controls > > > > > > > rather than encrypt and decrypt, you can use CFusion_Encrypt() and > > > CFusion_Decrypt(). These are undocumented and not supported. The > > encrypted > > > string is twice the length of the original, and you won't have issues > with > > > quotes, hashes or spaces in the encrypted strings. > > > > > > -----Original Message----- > > > From: Consultant [mailto:consultant@secExpert.com] > > > Sent: Tuesday, 20 February 2001 11:23 PM > > > To: CF-Server > > > Subject: encrypt values in text controls > > > > > > > > > Hi all: > > > > > > I wonder if anybody use encryptions on text inputs ? > > > e.g <input type="text" value= #encrypt("12345", "mySecretKey")#> > > > > > > There is a problem with such approach, though, sometime the encrypted > > values > > > may contain one or more double/single quotes, which will cripple the > > entire > > > <input> control. > > > e.g <input type="text" value="xcr3'##$2'"'fddf"dfdsp2"> > > > > > > ---By using URLEncodedFormat-- > > > I tried to use URLEncodedFormat, however, once the value is passed to > the > > > action page, I have no way to url-Decode the encoded (and encrypted) > > value. > > > > > > Is there any way to ensure that the encrypted values are Safe to use > > (pass) > > > with the <input> control ? > > > > > > I'm sure there are lots of people out there use some sort of encryption > on > > > their hidden controls, Please share it with us :) > > > > > > Thanks in advance! > > > > > > FCF > > > > > > > > > > > > > -------------------------------------------------------------------------- > > -- > > > -- > > > To unsubscribe, send a message to cf-server-request@houseoffusion.com > with > > > 'unsubscribe' in the body or visit the list page at > www.houseoffusion.com > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm ------------------------------------------------------------------------------ To unsubscribe, send a message to cf-server-request@houseoffusion.com with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com