RE: File Security

Tue, 29 Aug 2000 11:20:53 -0700 

The application.cfm suggestion made by Matthew Walker is the A+ way to go.

NAT

-----Original Message-----
From: Shannon Hicks [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 28, 2000 10:00 AM
To: [EMAIL PROTECTED]
Subject: RE: File Security


you can set a temporary variable in the app_globals file... then check for
that variable on each page.

Otherwise, my personal opinion is who cares if the user types in the exact
file.... most likely it'll break the application, and they'll get some ugly
CF error... In which case I don't care, because they're obviously doing
something they aren't supposed to.

If a specific file needs to be protected, then I'd suggest the above method.

-----Original Message-----
From: Dustin Breese [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 28, 2000 11:38 AM
To: [EMAIL PROTECTED]
Subject: File Security


This has probably been asked before, so please forgive.  (I couldn't find a
way to search past discussions on houseoffusion.com.)

My question is: what keeps a web-user from typing in the exact path of a QRY
or ACT file or any other file in your application other than index.cfm?  One
approach that my collegue uses is to give any "CFINCLUDED" files a ".INC"
filename extension and then map .INC to a null device so the web server
doesn't allow access to it.

What have you done in the past?

Thanks,
Dustin


----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.

----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to