[thelist] Javascript: url variable to form text field
rudy
r937 at interlog.com
Thu Mar 13 09:01:52 CST 2003
>
<http://evolt.jeffhowden.com/jeff/code/js_url_variables/index.cfm?foo=bar&fa
r=boo&cfid=1235908&cftoken=14598715>
>
> Watch the wrap.
tom, watch the session variables
dunno about jeff's site, but in general
in fact, here's a tip
<tip type="protect your identity on the internet">
when giving out URLs for pages to which you have navigated, be vigilant,
strip out anything that looks like a session variable
for example, don't give out CFID and CFTOKEN values, which identify your
session on a coldfusion site
if the site requires login authentication, and if the session is still
active, and somebody else clicks through using your session variables, they
could hijack your session, reset your password, order stuff on your credit
card to ship elsewhere, et cetera
the identity you lose could be your own
</tip>
rudy
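
The tip above, as an added example that is not part of the original post: a JavaScript helper that strips session identifiers from a URL before you share it. Only CFID and CFTOKEN come from the post; the other parameter names, the function name and the example.test URLs are assumptions constructed for illustration.

```javascript
// Added example, not from the original post.
// CFID and CFTOKEN are named in the post; the other names are assumed
// common session-identifier parameters. Extend the list for your own sites.
const SESSION_PARAMS = ["cfid", "cftoken", "jsessionid", "phpsessid", "sessionid"];

// Returns the cleaned URL plus the names that were removed, so the caller
// can see that something sensitive was present.
function stripSessionParams(rawUrl, extraNames = []) {
  const names = new Set(
    [...SESSION_PARAMS, ...extraNames].map((n) => n.toLowerCase())
  );
  const url = new URL(rawUrl);
  const removed = [];

  // Query string: match case-insensitively (CFID and cfid are the same key).
  const kept = new URLSearchParams();
  for (const [key, value] of url.searchParams) {
    if (names.has(key.toLowerCase())) removed.push(key);
    else kept.append(key, value);
  }
  url.search = kept.toString();

  // Path parameters such as ";jsessionid=..." used by URL-rewriting servers.
  url.pathname = url.pathname.replace(/;([^=;\/]+)=[^;\/]*/g, (match, key) => {
    if (names.has(key.toLowerCase())) {
      removed.push(key);
      return "";
    }
    return match;
  });

  return { url: url.toString(), removed };
}

// Constructed sample input (hypothetical host and token values).
const sample =
  "http://example.test/index.cfm?foo=bar&far=boo&cfid=1111111&cftoken=22222222";
console.log(stripSessionParams(sample));
```
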