How about adding a querystring hash to your querystring?

Follow me on this...
Your links will change from href="myPage.cfm?id=5" to
href="myPage.cfm?#buildLink("id=5")#". The buildLink (or whatever you call
it) UDF will make a hash of your querystring plus a local salt, plus a
session salt. buildLink will add the hash to your querystring, and produce
something like this: href="myPage.cfm?id=5&secure=65ARE634HN4S564GA6"

But that's not all...

Have buildLink also encrypt your URL. Even the basic cfusion_encrypt()
function will work. Your new link will be like
href="myPage.cfm?9867BNS85NS95H9R86HS87R6H85S7FD8G"

Then just add a filter on the other end to decrypt your encrypted query
string, recreate the URL scope variables and verify that the string, minus
the "secure" param (the hash) is the same as those other values, plus your
salt values, hashed.

Even still, it will not be 100% unhackable, but it will be closer.

-- 
nathan strutz
http://www.dopefly.com/

On Tue, May 6, 2008 at 3:20 PM, Bruce Sorge <[EMAIL PROTECTED]> wrote:

> Howdy all,
> My help desk site I am building uses a URL variable for the ticket ID
> when the admin or user is viewing details, and I seem to recall reading
> somewhere that you can write your code so that if the user decides to
> change the ID number in the URL, it will default to the one they
> originally opened, thus keeping the user from viewing other tickets
> unless they go back and click on another one to open. Does anyone recall
> where this example is? I did a quick search but could not find it.
>
> Thanks,
>
> Bruce
>
> 
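The signed-link idea from the reply above, as an added example that is not part of the original thread and not ColdFusion code: it is written in Python so it can be run stand-alone, and it covers only the hash step, not the encryption step. The names build_link, verify_query and LOCAL_SALT are hypothetical, the salt values are constructed, and HMAC-SHA256 is used in place of the plain hash of querystring plus salts that the reply describes.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Assumption: a per-application secret that never leaves the server (constructed value).
LOCAL_SALT = b"constructed-application-secret"


def _sign(query: str, session_salt: bytes) -> str:
    # Keyed hash over the canonical querystring; the key combines the
    # local salt and the per-session salt, as in the reply above.
    key = LOCAL_SALT + b"|" + session_salt
    return hmac.new(key, query.encode(), hashlib.sha256).hexdigest()


def build_link(page: str, params: dict, session_salt: bytes) -> str:
    # Sort the parameters so signer and verifier hash identical bytes.
    query = urlencode(sorted(params.items()))
    return f"{page}?{query}&secure={_sign(query, session_salt)}"


def verify_query(raw_query: str, session_salt: bytes):
    """Return the URL parameters if the 'secure' value matches, else None."""
    pairs = parse_qsl(raw_query, keep_blank_values=True)
    sigs = [v for k, v in pairs if k == "secure"]
    params = [(k, v) for k, v in pairs if k != "secure"]
    if len(sigs) != 1:
        return None  # signature missing or supplied more than once
    if len({k for k, _ in params}) != len(params):
        return None  # duplicate parameter names make the signed value ambiguous
    expected = _sign(urlencode(sorted(params)), session_salt)
    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(sigs[0].encode(), expected.encode()):
        return None
    return dict(params)


if __name__ == "__main__":
    link = build_link("myPage.cfm", {"id": "5"}, b"constructed-session-salt")
    print(link)
    print(verify_query(link.split("?", 1)[1], b"constructed-session-salt"))
```

A matching value only shows that this application issued the link to this session; the ticket lookup still has to decide whether that user may see the ticket.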

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304851