I'd recommend doing this:

<cfif compare(listLast(cgi.script_name, "/"), "index.cfm")>
  <cflocation url="/" />
</cfif>

That'll flat out disallow templates other than index.cfm from running, which
is what you typically want. It has the nice side effect of preventing you from
circumventing the framework as well.

However, if you really want to do it right, only put index.cfm in the web
root, and have it include the core file from a directory that's not web
accessible at all. Of course, that precludes the ability to put static content
in your circuits for organizational purposes.

barneyb

---
Barney Boisvert, Senior Development Engineer
AudienceCentral (formerly PIER System, Inc.)
[EMAIL PROTECTED]
voice : 360.756.8080 x12
fax : 360.647.5351
www.audiencecentral.com

> -----Original Message-----
> From: Matthew Walker [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 31, 2003 11:57 AM
> To: CF-Talk
> Subject: Re: Fusebox circuits (was: CFCs - get'ers Vs. return object
>
> > However, you should only put files in a web-accessible directory if you
> > intend for people to be able to fetch or run them directly within their
> > browser by entering the appropriate URL. If you have files that aren't
> > intended to be used that way, they shouldn't be in a web-accessible
> > directory. If your shared host can't provide the minimal functionality
> > required to segregate web content from non-web content, you should find
> > another shared host.
>
> I simply prefix any file that shouldn't be run directly with dsp_ or act_ or
> similar, and add
>
> <cfif reFind("/..._", cgi.script_name)>
>   <cflocation url="">
> </cfif>
>
> to application.cfm. Tell me why that's less secure.
>
> Matthew Walker
> Electric Sheep Web
> http://www.electricsheep.co.nz/
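Added example, not part of either post: a small Python model of the two CFML guards quoted in this thread, run over a constructed list of template paths to show which ones each guard leaves directly requestable. The function names and sample paths are assumptions made for illustration.

```python
import re

def allow_guard_blocks(script_name: str) -> bool:
    """Model of <cfif compare(listLast(cgi.script_name, "/"), "index.cfm")>:
    redirect unless the last path element is exactly index.cfm."""
    parts = [p for p in script_name.split("/") if p]  # CF lists skip empty elements
    last = parts[-1] if parts else ""
    return last != "index.cfm"  # compare() is case-sensitive; non-zero means redirect

def prefix_guard_blocks(script_name: str) -> bool:
    """Model of <cfif reFind("/..._", cgi.script_name)>:
    redirect when a slash, any three characters and an underscore occur in the path."""
    return re.search(r"/..._", script_name) is not None

def directly_runnable(paths, guard):
    """Templates a browser request would still reach because the guard did not fire."""
    return [p for p in paths if not guard(p)]

# Constructed sample of templates in a web-accessible Fusebox-style tree.
SAMPLE_PATHS = [
    "/index.cfm",
    "/users/dsp_login.cfm",
    "/users/act_save.cfm",
    "/users/qry_getUser.cfm",
    "/users/fbx_Switch.cfm",
    "/users/layout_main.cfm",  # prefix longer than three characters
    "/lib/udf.cfm",            # no prefix at all
    "/users/index.cfm",        # a second index.cfm below the web root
]

if __name__ == "__main__":
    for name, guard in (("index.cfm only", allow_guard_blocks),
                        ("prefix regex", prefix_guard_blocks)):
        print(name, "->", directly_runnable(SAMPLE_PATHS, guard))
```

The name-based guard covers only files that follow the three-letter prefix convention, and the index.cfm guard still lets any index.cfm in a subdirectory run, so either list is worth reviewing against the real directory tree.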

