Just as a precaution, though I'm sure many of you know this...

Using "CONTAIN" when testing url strings is almost worthless - since a url
like http://www.crackers.com/hackattempt/haha.html?fool=template1.cfm is
completely valid...

> <CFIF cgi.http_referer does not contain "template1.cfm">
>         <H1>Unauthorized host detected! Access denied!</H1>
>         <CFABORT SHOWERROR="You are not authorized to use this function!">
> </CFIF>
> 
> I also augmented the header line with an <a href> back to the login
> screen.
> 
> <cfif cgi.http_referer does not contain "login.cfm">
> <h2>Unauthorized access method detected?<br>
> <a href="http://129.174.xx.xxx/ssh/index.cfm"> Please login</a></h2>
> <cfabort showerror="You have to login first!">
> </cfif>
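
The point made in this post, as an added example that is not part of the original thread: the quoted CONTAINS test is run next to a comparison of the parsed host and path over a few constructed referers. The host `www.example.edu`, the path `/ssh/login.cfm` and all sample URLs are assumptions made for illustration.

```cfml
<!--- Added example, not code from the thread. Host and path are assumed values. --->
<cfset allowedHost = "www.example.edu">
<cfset allowedPath = "/ssh/login.cfm">

<!--- Constructed sample referers; only the first two point at the real login page --->
<cfset samples = ArrayNew(1)>
<cfset ArrayAppend(samples, "http://www.example.edu/ssh/login.cfm")>
<cfset ArrayAppend(samples, "http://www.example.edu/ssh/login.cfm?retry=1")>
<cfset ArrayAppend(samples, "http://www.crackers.com/hackattempt/haha.html?fool=login.cfm")>
<cfset ArrayAppend(samples, "http://www.crackers.com/login.cfm")>
<cfset ArrayAppend(samples, "http://www.example.edu.crackers.com/ssh/login.cfm")>
<cfset ArrayAppend(samples, "")>

<table border="1">
<tr><th>Referer</th><th>CONTAINS check</th><th>Parsed check</th></tr>
<cfloop index="i" from="1" to="#ArrayLen(samples)#">
    <cfset ref = samples[i]>
    <!--- The test from the thread: passes for any URL that mentions the name --->
    <cfset naiveOk = ref contains "login.cfm">
    <!--- Drop query string and fragment so a parameter cannot satisfy the test --->
    <cfset bare = ListFirst(ref, "?##")>
    <cfset strictOk = false>
    <cfif ListLen(bare, "/") GTE 2>
        <cfset scheme = ListFirst(bare, ":")>
        <!--- List functions skip empty elements, so element 2 of
              scheme://host/path is host[:port] --->
        <cfset hostPort = ListGetAt(bare, 2, "/")>
        <cfset prefix = scheme & "://" & hostPort>
        <cfif ListFindNoCase("http,https", scheme) AND Left(bare, Len(prefix)) EQ prefix>
            <!--- What remains after scheme://host[:port] is the path --->
            <cfset path = RemoveChars(bare, 1, Len(prefix))>
            <!--- Host and path must each match exactly, not merely appear somewhere --->
            <cfset strictOk = (CompareNoCase(ListFirst(hostPort, ":"), allowedHost) EQ 0)
                              AND (CompareNoCase(path, allowedPath) EQ 0)>
        </cfif>
    </cfif>
    <cfoutput>
    <tr>
        <td>#HTMLEditFormat(ref)#</td>
        <td>#YesNoFormat(naiveOk)#</td>
        <td>#YesNoFormat(strictOk)#</td>
    </tr>
    </cfoutput>
</cfloop>
</table>
```

The Referer header is supplied by the client, so the parsed comparison only narrows which URLs are accepted; a session variable set by the login page is what shows that a login actually took place.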