Ask a Question related to Coldfusion Security, Design and Development.

  1. #1

    CFID is predictable

    CFID is predictable, always incremented by 3. We can randomize CFTOKEN by using UUID. Is there a way we can randomize CFID too?
    tanaka Guest

  4. #3

    Re: CFID is predictable

    No, CFID is an incremented number. In CF5 and before the current count was
    stored in the registry, in CF6+ it's stored in a property file. But each
    request gets the next number. It's the combination of an index and random
    number (and now UUID) that makes the combo unique for each user.

    ---nimer



    "tanaka" <webforumsuser@macromedia.com> wrote in message
    news:cvh3ni$no7$1@forums.macromedia.com...
    > CFID is predictable, always incremented by 3. We can randomize CFTOKEN by
    > using UUID. Is there a way we can randomize CFID too?

    Mike Nimer Guest

  5. #4

    Re: CFID is predictable

    Hi

    As I have seen in the MM CF docs, it's like this:

    CFID: A sequential client identifier
    CFToken: A random-number client security token

    So I think we can't do that.
    Let's see what others say.

    vkunirs Guest
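
A small Python model of the scheme described in the replies above (a sequential CFID paired with a random CFTOKEN), added here as an illustration; it is not ColdFusion's own code and was not posted in the thread. The class name `SessionStore`, the start value and the 128-bit hex token are assumptions; the model shows that a correctly guessed CFID is still rejected unless the matching token is presented.

```python
import hmac
import itertools
import secrets


class SessionStore:
    """Model of a sequential-id + random-token session scheme (not ColdFusion's code)."""

    def __init__(self, start=1000, step=3):
        # The thread reports CFID advancing by 3; the start value is constructed.
        self._ids = itertools.count(start, step)
        self._tokens = {}  # cfid -> cftoken

    def issue(self):
        """Create a session: predictable index, unpredictable token."""
        cfid = next(self._ids)
        # Assumption: 128 bits from the OS CSPRNG stand in for a UUID-style CFTOKEN.
        cftoken = secrets.token_hex(16)
        self._tokens[cfid] = cftoken
        return cfid, cftoken

    def validate(self, cfid, cftoken):
        """Accept only if the token matches the one stored for this id."""
        expected = self._tokens.get(cfid)
        if expected is None or not isinstance(cftoken, str):
            return False
        # Constant-time compare so response timing does not leak token prefixes.
        return hmac.compare_digest(expected.encode(), cftoken.encode())


def demo():
    store = SessionStore()
    alice = store.issue()
    bob = store.issue()
    guessed_id = alice[0] + 3  # the next CFID is predictable by design
    return {
        "guessed_id_is_real": guessed_id == bob[0],
        "own_session_ok": store.validate(*alice),
        "guessed_id_own_token": store.validate(guessed_id, alice[1]),
        "guessed_id_empty_token": store.validate(guessed_id, ""),
        "real_pair_ok": store.validate(*bob),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In this model the CFID acts only as a lookup key, so the strength of the pair rests entirely on how unpredictable the token is.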
