browser. The application contains reasonably robust security checking
within the application.cfm template.
However, seeing that the final pdf's were presented via a
"parent.location.href="" statement, blatantly displayed in the
location bar, I felt this to be a serious security lapse - it would be easy
to bookmark the final pdf or possibly even guess other pdf names.
I reworked the app, removing web access from the pdf directory and using a
cfcontent tag to deliver the pdf, believing this increased security, by
incorporating the application.cfm security framework and it works fine.
The client decided to deploy SSL on the site and now, as the pdf is
delivered, the user is always greeted with the dialog 'This page contains
both secure and insecure content. Do you wish to display the insecure
content?' The client does not want to see this message.
Near as I can tell, this message is completely bogus in this context -
still, the only way I have found to remove it is to revert to the former
*insecure* code.
The app is running on NT and CF4.5 with little hopes of an upgrade soon.
I've seen a few postings here and there about similar problems. The ENTIRE
site uses SSL.
Is this a known bug? Any work-arounds? I've tried various hacks with
cfheader, cffile and cfoutput to no avail. Suggestions, please!
Thanks in advance.
Chuck McElwee
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
