Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How do i set the value for #cgi.script_name#

Posted on 2004-08-12
8
Medium Priority
?
2,845 Views
Last Modified: 2013-12-24
Hello,

Please a little clarification.

I have been reading about setting security on my application and came across with this

set the value for #cgi.script_name#.  I just don't get it.  

OK if after all the checking and validation and authenticating is done, i want the user the be presented with the "startuppage.cfm"

The full code in the book is:
<cflocation url="#cgi.script_name#">

Thanks.
0
Comment
Question by:mdbbound
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 21

Expert Comment

by:pinaldave
ID: 11786378
Hi mdbbound,
that is sure for security purpose.
I want to write more... but there is one link which explains everything with example so If I write more itwill be like I am reapting that site.
Please visit
http://www.easycfm.com/forums/viewmessages.cfm?Forum=11&Topic=268

Regards,
---Pinal
0
 
LVL 21

Expert Comment

by:pinaldave
ID: 11786556
Hi mdbbound,
there are more real examples also how you can set it and how you can prevent unauthorized user.
Following is the link of real example.
http://www.cargilldci.com/products/pdfs/application.cfm

Regards,
---Pinal
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 11786891
You cann ot set the value for cgi.script_name

This variable is automatically set by the server.

You can access the value - as the example code shows (as in it redirects using a cflocation to cgi.script_name) but you shouldn't be setting it.

What security purpose do you think you might get by setting it ?
0
Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

 

Author Comment

by:mdbbound
ID: 11787236
Hi mrichmon,

good to hear from both of you.

No i just don't understand how the user can go to the specified page say

"startuppage.cfm"

after the username and password has been validated and authenticated.

The WACK (BenForta book) included the cgi code that i mentioned earlier but i just don't know how that can connect to my "startuppage.cfm".

Thanks.
0
 

Author Comment

by:mdbbound
ID: 11787685
Hi

I am only using the developer version.  So does this mean i cannot work on the security right now because I need some settings done in the actual server.

Please help, now I am confused. And lost. In panic.

I will have a presentation and i want to show the login modules.  Please.

I want to secure all the pages of my application and restrict the Administrator pages only to Administrators.

I still have some little things to work on my search forms, so If i set the password now, I have to login every time i want to see the effect of the changes.

Thanks
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 11788598
You can do this restriction just by adding a login template/login logic to your application.cfm file which will run on every page call.


What book are you looking at?  It is covered in COld Fusion Web APplication Construction Kit 5th Ed.
0
 

Author Comment

by:mdbbound
ID: 11788953
Hi Mrich,

Yes that is the book, and it is in chapter 18.  

More specifically,

pages 474-475, Listing 18.3, LoginCheck.cfm - Granting Access When the User Name and Password Are Correct.

Sorry, this is just the way i use any code.  I make sure that i understand every part of it and all the required cfm. pages that are mentioned in it.  The last line is what confused me.

Thanks for looking into my post, no matter how crazy it is.
0
 
LVL 35

Accepted Solution

by:
mrichmon earned 2000 total points
ID: 11788993
Ah well the reason that they use CGII.SCRIPT_NAME is that they are including the template from the application.cfm file which gets run when the page is called.

So if I try to go to "MyOrders.cfm" and that page requires a login then the application.cfm includes the login page and does <cflocation url="#CGI.SCRIPT_NAME#"> as the page to go to upon success.  When the page runs the server fills in the page I was trying to go to into the CGI.SCRIPT_NAME i.e. MyOrders.cfm and I am taken to that page if my login succeeds.

But if I want the user to always go to "startuppage.cfm" when they successfully log in then I would not use CGI.SCRIPT_NAME, but would actually put the startuppage.cfm into the cflocation since I do not want the user going where they were trying to go, but to instead go to my startup page.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question