How about adding a querystring hash to your querystring. Follow me on this... Your links will change from href="myPage.cfm?id=5" to href="myPage.cfm?#buildLink("id=5")#". The buildLink (or whatever you call it) UDF will make a hash of your querystring plus a local salt, plus a session salt. buildLink will add the hash to your querystring, and produce something like this: href="myPage.cfm?id=5&secure=65ARE634HN4S564GA6"
But that's not all... Have buildLink also encrypt your URL. Even the basic cfusion_encrypt() function will work. Your new link will be like href="myPage.cfm?9867BNS85NS95H9R86HS87R6H85S7FD8G" Then just add a filter on the other end to decrypt your encrypted query string, recreate the URL scope variables and verify that the string, minus the "secure" param (the hash) is the same as those other values, plus your salt values, hashed. Even still, it will not be 100% unhackable, but it will be closer. -- nathan strutz http://www.dopefly.com/ On Tue, May 6, 2008 at 3:20 PM, Bruce Sorge <[EMAIL PROTECTED]> wrote: > Howdy all, > My help desk site I am building uses a URL variable for the ticket ID > when the admin or user is viewing details, and I seem to recall reading > somewhere that you can write your code so that if the user decides to > change the ID number in the URL, it will default to the one they > originally opened, thus keeping the user from viewing other tickets > unless they go back and click on another one to open. Does anyone recall > where this example is? I did a quick search but could not find it. > > Thanks, > > Bruce > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:304851 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4