Panos
asked on
Coldfusion security
Hello experts.
This question is for coldfusion security.
I have to prefer <cflocation addtoken="yes"... with setclientcookies="no" in cfapplication
for more security?
If i make this change will i have problems?
I'm asking because i'm using now the opposed:
<cflocation addtoken="no"... with setclientcookies="yes" in cfapplication
This question is for coldfusion security.
I have to prefer <cflocation addtoken="yes"... with setclientcookies="no" in cfapplication
for more security?
If i make this change will i have problems?
I'm asking because i'm using now the opposed:
<cflocation addtoken="no"... with setclientcookies="yes" in cfapplication
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can you point me to the forum so I can see the context.
So in this case you would run cookieless site right?
So in this case you would run cookieless site right?
ASKER
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you very much for your help.
Here is another problem i have :https://www.experts-exchange.com/questions/26636239/Coldfusion-security-and-manage-bots-spiders.html
Can you help me?
regards
Panos
Here is another problem i have :https://www.experts-exchange.com/questions/26636239/Coldfusion-security-and-manage-bots-spiders.html
Can you help me?
regards
Panos
Sorry, I was just heading to sleep. I'd have to think about that one. When my brain's not so tired ;-)
Btw: Don't know if you're in the US, but Thur/Fri are a holiday for most people. That's probably why responses are slow.
ASKER
OK
I hope you will find some time to look at this question.
There are too many things in the net but not a complete solution that could cover everything.
i'm not in US but in EU and when i wake up you go to sleep.HAHA....
I hope you will find some time to look at this question.
There are too many things in the net but not a complete solution that could cover everything.
i'm not in US but in EU and when i wake up you go to sleep.HAHA....
There are too many things in the net but not a complete solution that could cover everything.
That's because there isn't 1 complete solution. Unfortunately, there are different types of threats, and new ones uncovered frequently. Each requires different ways to defend against them. Security is too important. That's why I didn't rush in and say "sure. you can fix everything just by doing (something)". Anyone that says that is either misinformed or .. just plain lying ;-)
i'm not in US but in EU and when i wake up you go to sleep.HAHA....
Haha, I figured.
That's because there isn't 1 complete solution. Unfortunately, there are different types of threats, and new ones uncovered frequently. Each requires different ways to defend against them. Security is too important. That's why I didn't rush in and say "sure. you can fix everything just by doing (something)". Anyone that says that is either misinformed or .. just plain lying ;-)
i'm not in US but in EU and when i wake up you go to sleep.HAHA....
Haha, I figured.
ASKER
It is general question.Do or not use addtoken="YES".I read in a forum that it is safer to use YES instead of having the token in a cookie.So i want to know the opinion of the experts here.