Solved

How do i set the value for #cgi.script_name#

Posted on 2004-08-12
8
2,832 Views
Last Modified: 2013-12-24
Hello,

Please a little clarification.

I have been reading about setting security on my application and came across with this

set the value for #cgi.script_name#.  I just don't get it.  

OK if after all the checking and validation and authenticating is done, i want the user the be presented with the "startuppage.cfm"

The full code in the book is:
<cflocation url="#cgi.script_name#">

Thanks.
0
Comment
Question by:mdbbound
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 21

Expert Comment

by:pinaldave
ID: 11786378
Hi mdbbound,
that is sure for security purpose.
I want to write more... but there is one link which explains everything with example so If I write more itwill be like I am reapting that site.
Please visit
http://www.easycfm.com/forums/viewmessages.cfm?Forum=11&Topic=268

Regards,
---Pinal
0
 
LVL 21

Expert Comment

by:pinaldave
ID: 11786556
Hi mdbbound,
there are more real examples also how you can set it and how you can prevent unauthorized user.
Following is the link of real example.
http://www.cargilldci.com/products/pdfs/application.cfm

Regards,
---Pinal
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 11786891
You cann ot set the value for cgi.script_name

This variable is automatically set by the server.

You can access the value - as the example code shows (as in it redirects using a cflocation to cgi.script_name) but you shouldn't be setting it.

What security purpose do you think you might get by setting it ?
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:mdbbound
ID: 11787236
Hi mrichmon,

good to hear from both of you.

No i just don't understand how the user can go to the specified page say

"startuppage.cfm"

after the username and password has been validated and authenticated.

The WACK (BenForta book) included the cgi code that i mentioned earlier but i just don't know how that can connect to my "startuppage.cfm".

Thanks.
0
 

Author Comment

by:mdbbound
ID: 11787685
Hi

I am only using the developer version.  So does this mean i cannot work on the security right now because I need some settings done in the actual server.

Please help, now I am confused. And lost. In panic.

I will have a presentation and i want to show the login modules.  Please.

I want to secure all the pages of my application and restrict the Administrator pages only to Administrators.

I still have some little things to work on my search forms, so If i set the password now, I have to login every time i want to see the effect of the changes.

Thanks
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 11788598
You can do this restriction just by adding a login template/login logic to your application.cfm file which will run on every page call.


What book are you looking at?  It is covered in COld Fusion Web APplication Construction Kit 5th Ed.
0
 

Author Comment

by:mdbbound
ID: 11788953
Hi Mrich,

Yes that is the book, and it is in chapter 18.  

More specifically,

pages 474-475, Listing 18.3, LoginCheck.cfm - Granting Access When the User Name and Password Are Correct.

Sorry, this is just the way i use any code.  I make sure that i understand every part of it and all the required cfm. pages that are mentioned in it.  The last line is what confused me.

Thanks for looking into my post, no matter how crazy it is.
0
 
LVL 35

Accepted Solution

by:
mrichmon earned 500 total points
ID: 11788993
Ah well the reason that they use CGII.SCRIPT_NAME is that they are including the template from the application.cfm file which gets run when the page is called.

So if I try to go to "MyOrders.cfm" and that page requires a login then the application.cfm includes the login page and does <cflocation url="#CGI.SCRIPT_NAME#"> as the page to go to upon success.  When the page runs the server fills in the page I was trying to go to into the CGI.SCRIPT_NAME i.e. MyOrders.cfm and I am taken to that page if my login succeeds.

But if I want the user to always go to "startuppage.cfm" when they successfully log in then I would not use CGI.SCRIPT_NAME, but would actually put the startuppage.cfm into the cflocation since I do not want the user going where they were trying to go, but to instead go to my startup page.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
What You Need to Know when Searching for a Webhost Provider
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question