If the product is commercially available, people have insight in the source code and can know the variable name.

If the product was developed in-house, it may still be possible to get to the source code because of other security bugs to view file content or so.

Also, did you even wonder about the amount of entropy in coldfusion variable names? Do you encourage developers to use your proposed naming scheme? I doubt it. Even for completely blind attacks the amount of entropy in variable naming is not that big and you might indeed be able to brute force it.

Your proposal for ’security’ boils down to using plain-text passwords with a non-existent password policy biased to syntactically sugared strings.

It sounds as though they have greatly reduced the number of IE hacks required, but still have bugs with images.

I’m grateful your first fluid Skidoo persuaded us to make our site “Fluid”. We have since upgraded to your latest version, and I’ve recently viewed it on various tiny mobile devices for the first time; it looks great thanks to you.

The first thing you have to do reading a site on an iPhone type device is increase the font size.
That’s when you see the benefit of letting go of tables, fixed widths, and font sizes, as you encouraged us to do.

I look forward to a Skidoo refinement based on Fluid Grid thinking too.

Colin

It sounds as though they have greatly reduced the number of IE hacks required, but still have bugs with images.

I’m grateful your first fluid Skidoo persuaded us to make our site “Fluid”. We have since upgraded to your latest version, and I’ve recently viewed it on various tiny mobile devices for the first time; it looks great thanks to you.

The first thing you have to do reading a site on an iPhone type device is increase the font size.
That’s when you see the benefit of letting go of tables, fixed widths, and font sizes, as you encouraged us to do.

I look forward to a Skidoo refinement based on Fluid Grid thinking too.

Colin