hehe right? man I am tired.

Tim Heald
ACP/CCFD
Application Development
www.schoollink.net

-----Original Message-----
From: Tim Heald [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 24, 2002 3:33 AM
To: [EMAIL PROTECTED]
Subject: RE: breaking out of an FB3-secured app

Hey peeps,

Not all us yanks are asleep (we just should be).

Kay, as far as the stats are concerned, what if instead of using a session variable to track the login and stuff you use client vars stored in the DB. Maybe I am misunderstanding, and it had been a very long and demanding day. But if you did that you could get all sorts of info. You can make them time out and everything. You can even make them expire when the user closes the browser by setting cfid and cf token into memory resident cookies. It's too late for me to really describe the specifics, but there is a good tutorial called session management: client vars advanced or some such on Hal's site.

Also if you need to track specifically which pages were hit you could store those in the DB as client vars and run queries against. Hell you could right an app that was constantly updating the stats for them if you had the time.

Again I may also be very tired and not making sense :)

Tim Heald
ACP/CCFD
Application Development
www.schoollink.net

-----Original Message-----
From: Nev [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 24, 2002 3:11 AM
To: [EMAIL PROTECTED]
Subject: RE: breaking out of an FB3-secured app

Hi Kay,

Is this little gem from a fellow fuseboxer of any value? I don't recall who it came from but maybe it will help?

<cfscript>
  self = "index.cfm";
  /* Put direct access cfm template names in this list */
  directAccessFiles = "#self#,test.cfm,";
  AllowAccess = false;
</cfscript>

<!--- Allow the request only if a segment of the requested path matches a listed template --->
<cfloop list="#directAccessFiles#" index="file">
  <cfscript>
    if (listFindNoCase(cgi.script_name, file, '/'))
      AllowAccess = true;
  </cfscript>
</cfloop>

<cfif not AllowAccess>
  <cfinclude template="warning.cfm">
  <!--- Run this code, including sending to request.self, or logging potential hack attempts --->
  <!--- <cflocation url="#self#" addtoken="no"> --->
</cfif>

And when exactly is LeeBB heading west? I'll certainly want to be on the "buy him a beer or two" list for the magic he contributes to the FB community.

Nev

>>> [EMAIL PROTECTED] 04/24/02 02:53pm >>>

Hi Lee,

Knew I could count on you to help me out! But then I guess it's that time of the day when our Yank friends are slumbering.

What you're describing is exactly the method we were using before, but with cfcontent not cfinclude. However, there's a few things I need to keep in mind.

Firstly, apart from changing the links to ".cfm" instead of ".html", I don't want to require anything else of the content guy. He's finding it tough, I already made him use relative links instead of absolute (his norm).

Secondly, I have recently found out that these guys consider their visitor statistics to be vital, particularly exactly which pages are being requested most often. They are on shared hosting with LiveStats 5 and I already know from (painful) experience that it refuses to watch URLs the way it's meant to.

What I was wondering was if there is any other amazing magical way... like maybe passing the login status to the application.cfm in the content directory, but in a secure way somehow. I don't know. It's been a long day, and I'm out of ideas.

Thanks for your help, I owe you a beverage of your choice. By the time you finally make it out to Perth I'm going to owe you a lot of those :)

K.

-----Original Message-----
From: BORKMAN Lee [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 24 April 2002 2:40 PM
To: '[EMAIL PROTECTED]'
Subject: RE: breaking out of an FB3-secured app

Hi Kay,

If these "static" files are all stand-alone CFM templates, then you can CFINCLUDE them like any display fuse. How about a fuseaction called "static.showfile" which takes the filename as input, and dynamically includes the appropriate static file? Of course, you'd need to resolve any links within the static content.

Is that the kind of thing you have in mind?

LeeBB

-----Original Message-----
From: Kay Smoljak [mailto:[EMAIL PROTECTED]]

Hi all,

I have an interesting problem - well I think it's interesting anyway. I have an FB3 app for a subscription-based content site. My app handles all the subscriptions, payments, logins, logouts, permissions, updating of details, forgotten passwords etc etc.

The protected content, which someone non-CF handles, is static html. It was going to be stored outside of the web root, but during testing the performance was quite bad, so I've decided to make the HTML person name all his files .cfm and store them in a particular directory within the web root.

What I don't know is how I'm going to have access to these files controlled by my FB3 app, without requiring them to be in the FB3 framework.

Has anyone done anything like this before? Any ideas?

Thanks in advance,
Kay.

IMPORTANT NOTICE: This e-mail and any attachment to it is intended only to be read or used by the named addressee. It is confidential and may contain legally privileged information. No confidentiality or privilege is waived or lost by any mistaken transmission to you. If you receive this e-mail in error, please immediately delete it from your system and notify the sender. You must not disclose, copy or use any part of this e-mail if you are not the intended recipient. The RTA is not responsible for any unauthorised alterations to this e-mail or attachment to t.
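
An added example, not part of the original thread or any poster's code: one way to pass the FB3 login status to an Application.cfm in the content directory, so each page keeps its own URL for the statistics package. The application name "subscriberApp", the flag session.isLoggedIn, the log file name and the fuseaction login.form are assumptions made for illustration.

```cfm
<!--- content/Application.cfm: ColdFusion runs this before every .cfm requested from this directory --->
<!--- Assumption: the FB3 app declares the same application name, so both share one session scope --->
<cfapplication name="subscriberApp" sessionmanagement="yes">

<!--- Default to deny; read the login flag under a read-only session lock --->
<cfset loggedIn = false>
<cflock scope="session" type="readonly" timeout="5">
  <cfif structKeyExists(session, "isLoggedIn") and session.isLoggedIn is true>
    <cfset loggedIn = true>
  </cfif>
</cflock>

<cfif not loggedIn>
  <!--- Record the refused request, then hand the visitor to the FB3 login fuseaction --->
  <cflog file="contentAccess" type="warning"
         text="Denied #cgi.script_name# from #cgi.remote_addr#">
  <!--- cflocation ends processing, so the protected template never runs --->
  <cflocation url="/index.cfm?fuseaction=login.form" addtoken="no">
</cfif>
```

ColdFusion only runs Application.cfm for requests it processes itself, so this gate covers the renamed .cfm pages but not images or other file types served from the same directory.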
