A more secure solution would be to set up a db table for template lookups,
with an ID number for reference, and the actual template name as a separate
field.
Which is more secure?
index.cfm?fuseaction=admin&template=admin.cfm
or...
index.cfm?fuseaction=admin&template=3
Of course, to really blow their minds, use a UUID as the ID field. That'll
keep the URL manglers busy....
Alan McCollough
Web Programmer
Allaire Certified ColdFusion Developer
Alaska Native Medical Center
> -----Original Message-----
> From: Brandon Paolin [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, January 12, 2001 5:22 AM
> To: Fusebox
> Subject: Re: passing page name through url
>
> but if you do pass the .cfm in the url (assuming that all your pages are
> cfm) , and set in the application file to redirect if its not the
> index.cfm,
> then people shouldn't be able to get to any other files, right?
>
{redacted}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
