?
Solved

How do i set the value for #cgi.script_name#

Posted on 2004-08-12
8
Medium Priority
?
2,836 Views
Last Modified: 2013-12-24
Hello,

Please a little clarification.

I have been reading about setting security on my application and came across with this

set the value for #cgi.script_name#.  I just don't get it.  

OK if after all the checking and validation and authenticating is done, i want the user the be presented with the "startuppage.cfm"

The full code in the book is:
<cflocation url="#cgi.script_name#">

Thanks.
0
Comment
Question by:mdbbound
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 21

Expert Comment

by:pinaldave
ID: 11786378
Hi mdbbound,
that is sure for security purpose.
I want to write more... but there is one link which explains everything with example so If I write more itwill be like I am reapting that site.
Please visit
http://www.easycfm.com/forums/viewmessages.cfm?Forum=11&Topic=268

Regards,
---Pinal
0
 
LVL 21

Expert Comment

by:pinaldave
ID: 11786556
Hi mdbbound,
there are more real examples also how you can set it and how you can prevent unauthorized user.
Following is the link of real example.
http://www.cargilldci.com/products/pdfs/application.cfm

Regards,
---Pinal
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 11786891
You cann ot set the value for cgi.script_name

This variable is automatically set by the server.

You can access the value - as the example code shows (as in it redirects using a cflocation to cgi.script_name) but you shouldn't be setting it.

What security purpose do you think you might get by setting it ?
0
Get MySQL database support online, now!

At Percona’s web store you can order your MySQL database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card.

 

Author Comment

by:mdbbound
ID: 11787236
Hi mrichmon,

good to hear from both of you.

No i just don't understand how the user can go to the specified page say

"startuppage.cfm"

after the username and password has been validated and authenticated.

The WACK (BenForta book) included the cgi code that i mentioned earlier but i just don't know how that can connect to my "startuppage.cfm".

Thanks.
0
 

Author Comment

by:mdbbound
ID: 11787685
Hi

I am only using the developer version.  So does this mean i cannot work on the security right now because I need some settings done in the actual server.

Please help, now I am confused. And lost. In panic.

I will have a presentation and i want to show the login modules.  Please.

I want to secure all the pages of my application and restrict the Administrator pages only to Administrators.

I still have some little things to work on my search forms, so If i set the password now, I have to login every time i want to see the effect of the changes.

Thanks
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 11788598
You can do this restriction just by adding a login template/login logic to your application.cfm file which will run on every page call.


What book are you looking at?  It is covered in COld Fusion Web APplication Construction Kit 5th Ed.
0
 

Author Comment

by:mdbbound
ID: 11788953
Hi Mrich,

Yes that is the book, and it is in chapter 18.  

More specifically,

pages 474-475, Listing 18.3, LoginCheck.cfm - Granting Access When the User Name and Password Are Correct.

Sorry, this is just the way i use any code.  I make sure that i understand every part of it and all the required cfm. pages that are mentioned in it.  The last line is what confused me.

Thanks for looking into my post, no matter how crazy it is.
0
 
LVL 35

Accepted Solution

by:
mrichmon earned 2000 total points
ID: 11788993
Ah well the reason that they use CGII.SCRIPT_NAME is that they are including the template from the application.cfm file which gets run when the page is called.

So if I try to go to "MyOrders.cfm" and that page requires a login then the application.cfm includes the login page and does <cflocation url="#CGI.SCRIPT_NAME#"> as the page to go to upon success.  When the page runs the server fills in the page I was trying to go to into the CGI.SCRIPT_NAME i.e. MyOrders.cfm and I am taken to that page if my login succeeds.

But if I want the user to always go to "startuppage.cfm" when they successfully log in then I would not use CGI.SCRIPT_NAME, but would actually put the startuppage.cfm into the cflocation since I do not want the user going where they were trying to go, but to instead go to my startup page.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
What You Need to Know when Searching for a Webhost Provider
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question