Check the http referer. If it is the same as the script name, don't allow
them in... kick them out.
Might not be 100% foolproof.. I believe I've heard it said that some web
serers and/or browsers don't always shell out the http_referer
information... but it's at least good for a 97% solution.
|-----Original Message-----
|From: Hubert Earl [mailto:[EMAIL PROTECTED]]
|Sent: Thursday, March 08, 2001 10:48 PM
|To: CF-Talk
|Subject: Protecting an admin page
|
|
|Hi,
|
|I have an admin page which can be accessed thru a login page.
|However, as
|it now stands, if someone were to learn bookmark that page, he
|or she could
|return to it via the bookmark, rather than via the login page.
| How can I
|ensure that someone could only access the admin page via the
|login page?
|
|Sincerely,
|---
|Hubert Earl
|
|ICQ#: 16199853
|AIM: hubertfme
|
|See pictures of items in my Jamaican Art, Craft & More Store
|Online Sale on
|my "Me" page on eBay (this tells you a little about myself, including a
|photo), and there's a link to the auctions themselves:
|http://members.ebay.com/aboutme/hearl1/
|
|See pictures of all items I have:
|http://www.angelfire.com/ny/hearl/link_page_on_angelfire.html
|
|
|
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
