Of course. Without the cfflush, the JS bit and eny other content
you've written is reset by the CFCONTENT tag.
Never rely on JS or any other browser output to secure your apps. All
security should be server-side.
On 8/20/06, Crow T. Robot <[EMAIL PROTECTED]> wrote:
>
> <cfquery name="qry_ck_IP">
> SELECT IP
> FROM IP_LCK
> WHERE user_IP = #IP#
> </cfquery>
>
> <cfif qry_ck_IP.RecordCount EQ 0>
> <javascript>
> alert("You are not allowed be here. Get out");
> </javascript>
> <cfflush>
> </cfif>
>
> in doc_server.cfm (again, pseudocode)
>
> <cfif NOT isDefined("URL.file")>
> <cflocation URL = "index.cfm">
> </cfif>
>
> <cfcontent type="application/msword" file="#ExpandPath(file)#"
> deletefile="no">
>
> This seems to work. Taking out the cfflush "breaks" my authentication
> scheme.
--
CFAJAX docs and other useful articles:
http://www.bifrost.com.au/blog/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting,
up-to-date ColdFusion information by your peers, delivered to your door four
times a year.
http://www.fusionauthority.com/quarterly
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250380
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
