• Status: Solved

How do I set the value for #cgi.script_name#?

Hello,

Please a little clarification.

I have been reading about setting security on my application and came across this:

set the value for #cgi.script_name#. I just don't get it.

OK, if after all the checking and validation and authenticating is done, I want the user to be presented with the "startuppage.cfm".

The full code in the book is:
<cflocation url="#cgi.script_name#">

Thanks.
Asked by: mdbbound

pinaldave Commented:
Hi mdbbound,
that is sure for security purpose.
I want to write more... but there is one link which explains everything with example, so if I write more it will be like I am repeating that site.
Please visit
http://www.easycfm.com/forums/viewmessages.cfm?Forum=11&Topic=268

Regards,
---Pinal
 
pinaldave Commented:
Hi mdbbound,
there are more real examples also how you can set it and how you can prevent unauthorized user.
Following is the link of real example.
http://www.cargilldci.com/products/pdfs/application.cfm

Regards,
---Pinal
 
mrichmon Commented:
You cannot set the value for cgi.script_name

This variable is automatically set by the server.

You can access the value - as the example code shows (as in it redirects using a cflocation to cgi.script_name) but you shouldn't be setting it.

What security purpose do you think you might get by setting it?
 
mdbbound (Author) Commented:
Hi mrichmon,

good to hear from both of you.

No, I just don't understand how the user can go to the specified page, say

"startuppage.cfm"

after the username and password has been validated and authenticated.

The WACK (Ben Forta book) included the cgi code that I mentioned earlier but I just don't know how that can connect to my "startuppage.cfm".

Thanks.
 
mdbbound (Author) Commented:
Hi

I am only using the developer version.  So does this mean I cannot work on the security right now because I need some settings done in the actual server?

Please help, now I am confused. And lost. In panic.

I will have a presentation and I want to show the login modules.  Please.

I want to secure all the pages of my application and restrict the Administrator pages only to Administrators.

I still have some little things to work on my search forms, so if I set the password now, I have to log in every time I want to see the effect of the changes.

Thanks
 
mrichmon Commented:
You can do this restriction just by adding a login template/login logic to your application.cfm file which will run on every page call.


What book are you looking at?  It is covered in Cold Fusion Web Application Construction Kit 5th Ed.
 
mdbbound (Author) Commented:
Hi Mrich,

Yes that is the book, and it is in chapter 18.  

More specifically,

pages 474-475, Listing 18.3, LoginCheck.cfm - Granting Access When the User Name and Password Are Correct.

Sorry, this is just the way I use any code.  I make sure that I understand every part of it and all the required .cfm pages that are mentioned in it.  The last line is what confused me.

Thanks for looking into my post, no matter how crazy it is.
 
mrichmon Commented:
Ah well, the reason that they use CGI.SCRIPT_NAME is that they are including the template from the application.cfm file which gets run when the page is called.

So if I try to go to "MyOrders.cfm" and that page requires a login then the application.cfm includes the login page and does <cflocation url="#CGI.SCRIPT_NAME#"> as the page to go to upon success.  When the page runs the server fills in the page I was trying to go to into the CGI.SCRIPT_NAME i.e. MyOrders.cfm and I am taken to that page if my login succeeds.

But if I want the user to always go to "startuppage.cfm" when they successfully log in then I would not use CGI.SCRIPT_NAME, but would actually put the startuppage.cfm into the cflocation since I do not want the user going where they were trying to go, but to instead go to my startup page.
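
The login flow described in this thread, as an added example that is not part of the thread and is not the book's Listing 18.3: Application.cfm gates every request, and LoginCheck.cfm redirects back to the requested page after a successful login. The datasource `appDSN`, the `Users` table and its columns, the salted SHA-256 storage scheme, the form field names and the `/admin/` directory are all assumptions made for illustration.

```cfml
<!--- ===== Application.cfm: runs before every page request ===== --->
<cfapplication name="DemoApp" sessionmanagement="yes">

<!--- Not logged in: handle a posted login form, otherwise show it, then stop --->
<cfif not StructKeyExists(session, "auth")>
  <cfif StructKeyExists(form, "userLogin") and StructKeyExists(form, "userPassword")>
    <cfinclude template="LoginCheck.cfm">
  </cfif>
  <!--- The form posts back to the page the user asked for, so that page's
        name is still in cgi.script_name when LoginCheck.cfm runs --->
  <cfoutput>
  <form action="#HTMLEditFormat(cgi.script_name)#" method="post">
    User: <input type="text" name="userLogin">
    Password: <input type="password" name="userPassword">
    <input type="submit" value="Log in">
  </form>
  </cfoutput>
  <cfabort>
</cfif>

<!--- Logged in: pages under /admin/ (assumed layout) are for Administrators only --->
<cfif FindNoCase("/admin/", cgi.script_name) gt 0 and session.auth.role neq "Administrator">
  <cfheader statuscode="403" statustext="Forbidden">
  <cfabort>
</cfif>

<!--- ===== LoginCheck.cfm: included above when the login form is posted ===== --->
<!--- appDSN and the Users columns are assumed names; cfqueryparam binds the input --->
<cfquery name="getUser" datasource="appDSN">
  SELECT UserID, RoleName, Salt, PasswordHash
  FROM Users
  WHERE UserName = <cfqueryparam value="#form.userLogin#" cfsqltype="cf_sql_varchar">
</cfquery>

<!--- Assumed storage scheme: hex SHA-256 of salt followed by password --->
<cfset suppliedHash = Hash(getUser.Salt & form.userPassword, "SHA-256")>
<cfif getUser.recordCount eq 1 and CompareNoCase(getUser.PasswordHash, suppliedHash) eq 0>
  <cfset session.auth = StructNew()>
  <cfset session.auth.userID = getUser.UserID>
  <cfset session.auth.role = getUser.RoleName>
  <!--- Return to the page originally requested. cgi.script_name is filled in by
        the server from the request path, not from a form or URL parameter.
        To always land on one page, use url="startuppage.cfm" here instead. --->
  <cflocation url="#cgi.script_name#" addtoken="no">
</cfif>
```

cgi.script_name holds only the script path, so a query string on the original request is not carried through this redirect. A failed login falls through to the form again because session.auth is never set.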