> I have a page which allows access only if a user is coming
> from a specific page, and I use http_referer to grant or deny
> access. But I don't think Opera gives this variable. Can
> anyone else verify that? And how do you get around it?
>
> The situation is people buy access to an article or series
> of articles through an online shop, and I am reasoning that
> if they have got as far as page 101625, they must have paid
> or been given appropriate access. (That means I can leave it
> to the guy who looks after page 101625 to make sure he
> restricts access appropriately.) The code I'm using is as
> follows:
>
> <cfif isdefined("HTTP_REFERER") AND ...

I don't know how Opera behaves, offhand, but would like to point out a
couple of things anyway. First, you don't have to check for the existence of
CGI variables, as long as you use the CGI scope prefix. CF will always
create such variables if they don't exist. So, for example, this code would
work:

    <cfif CGI.FOO_BAR is not "baz">

even though there's no variable called CGI.FOO_BAR.

Second, and more important, you can't rely on CGI.HTTP_REFERER for any
serious security anyway, since it's sent by the browser, and can easily be
set to whatever value the end user wants it to be (typically, they'd set it
to the value that you're expecting, I suppose).

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
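
Added example, not part of the original thread or either poster's code: a language-neutral Python sketch that puts the Referer check from the question beside a server-signed, expiring access token issued by the shop after payment. The secret, the URL, the function names and the token layout are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumptions: a secret known only to the shop and the article server, and a
# constructed URL standing in for the shop page (id 101625 in the question).
SECRET = b"constructed-demo-secret"
SHOP_PAGE = "https://shop.example/page/101625"

# Constructed requests: a browser that omits Referer, and a client that
# simply sends the value the server expects.
NO_REFERER = {}
HAND_SET_REFERER = {"Referer": SHOP_PAGE}


def referer_gate(headers):
    """The check from the question: trusts a header the client supplies."""
    return headers.get("Referer", "") == SHOP_PAGE


def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id, article_id, ttl=900, now=None):
    """Shop side, after payment: bind user, article and expiry under an HMAC.
    Assumes the ids contain no ':' character."""
    expires = int(now if now is not None else time.time()) + ttl
    payload = f"{user_id}:{article_id}:{expires}"
    return f"{payload}:{_sign(payload)}"


def token_gate(token, article_id, now=None):
    """Article side: accept only an unmodified, unexpired token for this article."""
    try:
        user_id, tok_article, expires, sig = token.split(":")
        expires = int(expires)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    expected = _sign(f"{user_id}:{tok_article}:{expires}")
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    current = now if now is not None else time.time()
    return tok_article == str(article_id) and current < expires
```

The Referer gate refuses the honest browser that sends no header and admits anyone who sets it by hand, while the token gate depends only on a value the server itself produced.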