and then all someone has to do is use a program to spoof the referrer
information and they're in. The only thing that you as a web programmer can do
without beating your head against the wall is to make sure you qualify all
variables passed to the page, check them to make sure they are of the length
and type you want and then have error checking to test the values. If you do
that, then it doesn't matter where the information is coming from.

Anthony Petruzzi
Webmaster
954-321-4703
[EMAIL PROTECTED]
http://www.sheriff.org
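
What the advice above looks like in CFML, as an added example that is not part of the original message. The field names form.caseId and form.comment, their limits, the datasource exampleDsn and the table case_comments are assumptions made for illustration.

```cfml
<!--- Added example. Field names, limits, datasource and table are assumed. --->
<cfset errors = arrayNew(1)>

<!--- Qualify every variable: default each expected field so a missing one
      is caught by the checks below instead of throwing an undefined error --->
<cfparam name="form.caseId" default="">
<cfparam name="form.comment" default="">

<!--- Type and length check: caseId must be 1 to 8 digits and nothing else --->
<cfset caseId = trim(form.caseId)>
<cfif NOT reFind("^[0-9]{1,8}$", caseId)>
    <cfset arrayAppend(errors, "caseId must be 1 to 8 digits")>
</cfif>

<!--- Length check: comment is required and capped at 500 characters --->
<cfset comment = trim(form.comment)>
<cfif len(comment) EQ 0 OR len(comment) GT 500>
    <cfset arrayAppend(errors, "comment must be 1 to 500 characters")>
</cfif>

<!--- Error checking: reject the request no matter which page it claims to
      come from. cgi.HTTP_REFERER is never consulted, because the client
      chooses that header's value. --->
<cfif arrayLen(errors) GT 0>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>
    <ul>
    <cfloop from="1" to="#arrayLen(errors)#" index="i">
        <li>#errors[i]#</li>
    </cfloop>
    </ul>
    </cfoutput>
    <cfabort>
</cfif>

<!--- Only validated values reach this point; bind them as typed parameters
      so the database layer enforces the same type and length --->
<cfquery name="saveComment" datasource="exampleDsn">
    INSERT INTO case_comments (case_id, comment_text)
    VALUES (
        <cfqueryparam value="#caseId#" cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#comment#" cfsqltype="cf_sql_varchar" maxlength="500">
    )
</cfquery>
```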


-----Original Message-----
From: Timothy Heald [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 30, 2002 3:54 PM
To: CF-Talk
Subject: RE: Re[2]: Preventing user from going back


The only way I have seen to do this, and it was mentioned by someone
earlier, is to only allow for a specific referer.  You would use the url to
the page that the user 'should' be coming from like this:

<cfif cgi.HTTP_REFERER is 'my url'>
        <!--- Allow the template to process --->
<cfelse>
        <!--- Move them somewhere else, either with cflocation or a script --->
</cfif>

Tim Heald
ACP/CCFD :)
Application Development
www.schoollink.net

> -----Original Message-----
> From: Alex [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 30, 2002 3:18 PM
> To: CF-Talk
> Subject: Re: Re[2]: Preventing user from going back
>
>
> Interesting point. I took it upon myself to test out your question and
> found that you CAN go back.
>
> On Thu, 30 May 2002, Mario Martinez wrote:
>
> > What if I view the file source, erase all the JavaScript code that is
> > bothering me, save the file to my local hard disk, run the browser over
> > it and try going back???
> > regards
> > Mario
> > ----- Original Message -----
> > From: "Critz" <[EMAIL PROTECTED]>
> > To: "CF-Talk" <[EMAIL PROTECTED]>
> > Sent: Thursday, May 30, 2002 2:18 PM
> > Subject: Re[2]: Preventing user from going back
> >
> >
> > > oi Alex!!
> > >
> > > then you could always do this
> > >
> > > <noscript><meta refresh......></noscript>
> > >
> > > seeing as how most of us develop web applications and not websites....if
> > > javascript is disabled, then they don't need to be there......
> > >
> > >
> > > --
> > > Critz
> > > Certified Adv. ColdFusion Developer
> > >
> > > Crit[s2k] - <CF_ChannelOP Network="Efnet" Channel="ColdFusion">
> > > ------------------------------------
> > > Thursday, May 30, 2002, 2:07:05 PM, you wrote:
> > >
> > > A> What happens if I disable javascript?
> > >
> > >
> > > A> On Thu, 30 May 2002, Critz wrote:
> > >
> > > >> oi Mark!!
> > > >>
> > > >> <SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript">
> > > >> <!--
> > > >>         window.history.forward();
> > > > >> //-->
> > > >> </SCRIPT>
> > > >>
> > > >> on the preceding page....
> > > >>
> > > >> --
> > > >> Critz
> > > >> Certified Adv. ColdFusion Developer
> > > >>
> > > >> Crit[s2k] - <CF_ChannelOP Network="Efnet" Channel="ColdFusion">
> > > >> ------------------------------------
> > > >> Thursday, May 30, 2002, 1:19:09 PM, you wrote:
> > > >>
> > > >> MS> Hey all,
> > > >>
> > > >> MS> Does anyone have an easy way to prevent the user from going back to the
> > > >> MS> previous page?
> > > >>
> > > >> MS> --------------------------------------
> > > >> MS> Mark Smeets / stranger0 / ICQ: 1062196
> > > >> MS> [EMAIL PROTECTED]
> > > >> MS> http://www.prowerks.com/stranger
> > > >>
> > > >> MS> "Life is a series of small victories" - Gene Simmons
> > > >>
> > > >>
> > > >> MS> FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
> > > >> MS> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> > > >> MS> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
> > > >>
> > > >>
> > > A>
> > >
> >
> 
