I've always put an error message in the <CFDEFAULTCASE> area. My reason for doing this
was not security but to aid with development. Plenty of times I've misspelled a
fuseaction in a
link or form, and I think it's better to get a nice fat error message during the
development stage.
I've seen people use <CFDEFAULTCASE> to handle the default fuseaction, but I think
this is a mistake. If you have any misspelled fuseaction links, the default
fuseaction will get
executed, which is an unintended action. Plus, if you decide to make a different
fuseaction the default, you have to do cutting and pasting into the default case area.
Josh Diehl
"McCollough, Alan" wrote:
> Yeah, its actually two ways of achieving the same goal. CFPARAM
> name="fusebox", and DEFAULTCASE will both handle the non-explicit fuseaction
> scenario. I think its really just a programming style decision from there.
>
> But wait! There *IS* a difference. You use 'em BOTH.
>
> Say some bonehead is trying to URL-hack, or out-fox you by typing
> "index.cfm?fuseaction=admin", or some other url-chop. If you have a default
> fuseaction (for no fuseaction supplied), and you receive a fuseaction that
> is *not* in your CFSWITCH, then you know its somebody doing a url-hack. Tell
> 'em to GET LOST with a CFDEFAULTCASE.
>
> Alan McCollough
> Web Programmer
> Allaire Certified ColdFusion Developer
> Alaska Native Medical Center
>
> > -----Original Message-----
> > From: Marc Funaro [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 06, 2000 7:21 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Stumped on the "new" FB
> >
> > What if someone wants to come to "http://www.yoursite.com", and no default
> > fuseaction is specified? You'd then be basically telling the person that
> > there's a problem simply because no fuseaction was specified. And if you
> > specify a default fuseaction, then you've eliminated the need for
> > CFDEFAULTCASE.
> >
> > Just playing devil's advocate, I know this is not a really big deal... ;)
> >
> > M
> >
> > -----Original Message-----
> > From: McCollough, Alan [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 06, 2000 11:04 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: Stumped on the "new" FB
> >
> >
> > CFDEFAULTCASE is actually really handy, as any non-explicit fuseactions
> > (or
> > lack of fuseaction) will end up there, and you can have a generic "Get
> > Lost"
> > page come up, or some other "How did you get here without an explicit
> > fuseaction, you loser!" type of page.
> >
> >
> > Alan McCollough
> > Web Programmer
> > Allaire Certified ColdFusion Developer
> > Alaska Native Medical Center
> >
> > > -----Original Message-----
> > > From: Marc Funaro [SMTP:[EMAIL PROTECTED]]
> > > Sent: Wednesday, September 06, 2000 4:06 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: Stumped on the "new" FB
> > >
> > > Well, I got one of my questions answered.
> > >
> > > I found the CFDEFAULTCASE tag; it is a "sub-tag" of CFSWITCH.
> > >
> > > MY COMMENT ON THIS: with a default fuseaction specified in each
> > > app_locals.cfm file, specifying a CFDEFAULTCASE seems redundant, and
> > > actually unwise as it appears to require duplication of a fuse into the
> > > opening and closing CFDEFAULTCASE tags. Am I misunderstanding this? If
> > > not
> > > please note that CFDEFAULTCASE appears in the fusebox example apps.
> > >
> > > Another, off-topic question: how can I get the results of an error
> > > message
> > > emailed to me from a CFCATCH tag, so I can monitor a site? I can't find
> > a
> > > "variable" that might contain the error text in the CF Documentation.
> > >
> > > Thanks in advance,
> > >
> > > Marc
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Marc Funaro [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, September 05, 2000 9:20 PM
> > > To: Fusebox ListServ (E-mail)
> > > Subject: Stumped on the "new" FB
> > >
> > >
> > > Hello all,
> > >
> > > Been following the list for a long time, and even posted in the past;
> > some
> > > of you may remember me (That would be cool ! :). Well, I have been on a
> > > couple of projects that were NOT fusebox :( (hence my absence), and now
> > I
> > > am
> > > starting a new one that is. With that in mind, I have basically been
> > > diving
> > > back into the new spec for fusebox, and I am realizing that even with my
> > > list subscription, there's still quite a few things that I have missed!
> > I
> > > was wondering if some kind souls might help me out with the questions
> > > below;
> > > I have read the version 2.0 specs, but I won't really understand until I
> > > actually put the new techniques into the context of my project.
> > >
> > > 1. I downloaded the example apps. One of the index files has opening
> > and
> > > closing <cfdefaultcase> tags. What is this?
> > >
> > > 2. the FormURL2Attributes tag supports "search friendly urls". I want
> > to
> > > try this for the very first time, but I am concerned -- if I write my
> > app
> > > this way, will I have any problems getting it to work on just "any" host
> > > server? If there's special configuration that is required from the
> > host,
> > > I
> > > may have to abandon this... can anyone help with the pitfalls (if any)?
> > >
> > > 3. I started to work with the version of Steve Nelson's "spec" app, but
> > I
> > > had trouble understanding how it was to be used. I couldn't find any
> > more
> > > extensive documentation on it... It is possible I have an old version
> > > also.
> > > Where can I go to get instructions on this app, and perhaps the latest
> > > version?
> > >
> > >
> > > Thank you all for your patience with the above questions. I look
> > forward
> > > to
> > > re-joining the FuseBox community.
> > >
> > >
> > > ~~~~~~~~~~~~~~~~~~~~
> > > Marc Funaro, President
> > > Advantex Technical Consulting Services
> > > 5547 State Highway 12
> > > Norwich, NY 13815
> > > Phone: 607-336-6895
> > > Fax: 801-383-4864
> > > Internet: http://www.advantex.net
> > > Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> > >
> > >
> > > "You know, I have one simple request... and that is,
> > > to have SHARKS with Frickin' LASER BEAMS attached
> > > to their HEADS..."
> > >
> > > --Dr. Evil
> > >
> > >
> > > *******************************************
> > >
> > >
> > --------------------------------------------------------------------------
> > > --
> > > --
> > > To Unsubscribe visit
> > > http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox
> > or
> > > send a message to [EMAIL PROTECTED] with 'unsubscribe'
> > in
> > > the body.
> > >
> > >
> > --------------------------------------------------------------------------
> > > ----
> > > To Unsubscribe visit
> > > http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox
> > or
> > > send a message to [EMAIL PROTECTED] with 'unsubscribe'
> > in
> > > the body.
> > --------------------------------------------------------------------------
> > --
> > --
> > To Unsubscribe visit
> > http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> > send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> > the body.
> >
> > --------------------------------------------------------------------------
> > ----
> > To Unsubscribe visit
> > http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> > send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> > the body.
> ------------------------------------------------------------------------------
> To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
>message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
