You can also simply do

<cfif isDefined("url.init") and isUserInGroup(...)>

In other words, only allow a logged-in admin to flush the cache this
way.

===========================================================================
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc
(www.mindseye.com)
Member of Team Macromedia (http://www.macromedia.com/go/teammacromedia)

Email    : [EMAIL PROTECTED]
Blog     : www.camdenfamily.com/morpheus/blog
Yahoo IM : morpheus

"My ally is the Force, and a powerful ally it is." - Yoda 

> -----Original Message-----
> From: Christian Cantrell [mailto:[EMAIL PROTECTED] 
> Sent: Monday, July 14, 2003 7:58 AM
> To: CF-Talk
> Subject: Re: Refresh application-scoped variables
> 
> 
> On Monday, July 14, 2003, at 01:19 AM, Sean A Corfield wrote:
> 
> > This is cool but what's to stop users from maliciously putting
> > flushinit=true on the URL and repeatedly forcing your application to
> > re-initialize? Just curious...
> 
> The same thing that prevents users from maliciously screwing with any 
> query string or launching any type of DOS attack against any server: 
> nothing.  The theory is that the general public wouldn't know that 
> adding "flushinit=true" to your query string would reinitialize your 
> app.  If someone wants to use the tag but is concerned about security,
> it's easy to:
> 
> 1. Change "flushinit" to something more obscure (which is what I have 
> done in my applications that use it).
> 2. Require that the request come from a specific IP address.
> 3. Remove the functionality altogether.
> 
> Christian
> 
> 
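An added example, not code from anyone in this thread: an Application.cfm fragment that combines the admin check from the reply with the IP restriction from the quoted list, so that a URL parameter alone cannot force a re-initialization. The application name, role name, IP list, log file name and minimum interval are constructed values, the interval check is an addition of this example, and the built-in isUserInRole() stands in for the elided isUserInGroup(...) call.

```cfml
<!--- Added example: hypothetical Application.cfm fragment. --->
<cfapplication name="demoApp" sessionmanagement="yes">

<!--- Assumed values; replace with your own. --->
<cfset adminRole = "admin">
<cfset allowedIPs = "127.0.0.1,10.0.0.5">
<cfset minSecondsBetweenFlushes = 60>

<!--- Always initialize on the first request after server start. --->
<cfset doInit = not structKeyExists(application, "initialized")>

<cfif structKeyExists(url, "init")>
    <!--- isUserInRole() is true only after cflogin/cfloginuser has
          authenticated the user and assigned that role. --->
    <cfif isUserInRole(adminRole) and listFind(allowedIPs, cgi.remote_addr)>
        <!--- Even for an admin, refuse back-to-back flushes. --->
        <cfif not structKeyExists(application, "lastInit")
              or dateDiff("s", application.lastInit, now()) gte minSecondsBetweenFlushes>
            <cfset doInit = true>
        </cfif>
    <cfelse>
        <!--- Record rejected attempts so probing of the parameter is visible. --->
        <cflog file="appinit" type="warning"
               text="Rejected init request from #cgi.remote_addr#">
    </cfif>
</cfif>

<cfif doInit>
    <!--- Exclusive lock so concurrent requests never see a half-built scope. --->
    <cflock scope="application" type="exclusive" timeout="10">
        <cfset application.settings = structNew()>
        <!--- Load application-scoped variables here. --->
        <cfset application.lastInit = now()>
        <cfset application.initialized = true>
    </cflock>
</cfif>
```

Behind a reverse proxy or load balancer, cgi.remote_addr is the proxy's address, so the IP check then has to be enforced at the proxy instead.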