also, a simple if statement in your application.cfm will keep them from
viewing files without going through the index.cfm page.
For instance if you had a file called dsp_mypage.cfm. If someone wanted to
view it they would simply type its path into thier browser. That's not so
bad unless that page is behind a login page. So to keep people from doing
that, just put something like this in that directory's application.cfm
<cfparam name="client_PATH_INFO"
default="/mywebsitedirectory/login/index.cfm">
<cfif CGI.PATH_INFO IS NOT client_PATH_INFO AND CGI.HTTP_REFERER is "">
<cflocation url="#web_path#dsp_clientlogin_access_error.cfm">
</cfif>
Because we use fusebox, that is all you need for directory security.
----- Original Message -----
From: "Erki Esken" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 20, 2000 9:30 AM
Subject: Re: Security considerations with index.cfm
> > That's what happens when I think too early in the morning. I
> > better stick to reading my e-mail this early, heh heh heh...
>
> It's so weird sometimes... It's 18:30 here and I'm finishing up
> and going home soon and you are just starting your day.
>
>
> Erki
>
> --------------------------------------------------------------------------
----
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
>
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
