Solved

How do i set the value for #cgi.script_name#

Posted on 2004-08-12
8
2,772 Views
Last Modified: 2013-12-24
Hello,

Please a little clarification.

I have been reading about setting security on my application and came across with this

set the value for #cgi.script_name#.  I just don't get it.  

OK if after all the checking and validation and authenticating is done, i want the user the be presented with the "startuppage.cfm"

The full code in the book is:
<cflocation url="#cgi.script_name#">

Thanks.
0
Comment
Question by:mdbbound
  • 3
  • 3
  • 2
8 Comments
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hi mdbbound,
that is sure for security purpose.
I want to write more... but there is one link which explains everything with example so If I write more itwill be like I am reapting that site.
Please visit
http://www.easycfm.com/forums/viewmessages.cfm?Forum=11&Topic=268

Regards,
---Pinal
0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hi mdbbound,
there are more real examples also how you can set it and how you can prevent unauthorized user.
Following is the link of real example.
http://www.cargilldci.com/products/pdfs/application.cfm

Regards,
---Pinal
0
 
LVL 35

Expert Comment

by:mrichmon
Comment Utility
You cann ot set the value for cgi.script_name

This variable is automatically set by the server.

You can access the value - as the example code shows (as in it redirects using a cflocation to cgi.script_name) but you shouldn't be setting it.

What security purpose do you think you might get by setting it ?
0
 

Author Comment

by:mdbbound
Comment Utility
Hi mrichmon,

good to hear from both of you.

No i just don't understand how the user can go to the specified page say

"startuppage.cfm"

after the username and password has been validated and authenticated.

The WACK (BenForta book) included the cgi code that i mentioned earlier but i just don't know how that can connect to my "startuppage.cfm".

Thanks.
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 

Author Comment

by:mdbbound
Comment Utility
Hi

I am only using the developer version.  So does this mean i cannot work on the security right now because I need some settings done in the actual server.

Please help, now I am confused. And lost. In panic.

I will have a presentation and i want to show the login modules.  Please.

I want to secure all the pages of my application and restrict the Administrator pages only to Administrators.

I still have some little things to work on my search forms, so If i set the password now, I have to login every time i want to see the effect of the changes.

Thanks
0
 
LVL 35

Expert Comment

by:mrichmon
Comment Utility
You can do this restriction just by adding a login template/login logic to your application.cfm file which will run on every page call.


What book are you looking at?  It is covered in COld Fusion Web APplication Construction Kit 5th Ed.
0
 

Author Comment

by:mdbbound
Comment Utility
Hi Mrich,

Yes that is the book, and it is in chapter 18.  

More specifically,

pages 474-475, Listing 18.3, LoginCheck.cfm - Granting Access When the User Name and Password Are Correct.

Sorry, this is just the way i use any code.  I make sure that i understand every part of it and all the required cfm. pages that are mentioned in it.  The last line is what confused me.

Thanks for looking into my post, no matter how crazy it is.
0
 
LVL 35

Accepted Solution

by:
mrichmon earned 500 total points
Comment Utility
Ah well the reason that they use CGII.SCRIPT_NAME is that they are including the template from the application.cfm file which gets run when the page is called.

So if I try to go to "MyOrders.cfm" and that page requires a login then the application.cfm includes the login page and does <cflocation url="#CGI.SCRIPT_NAME#"> as the page to go to upon success.  When the page runs the server fills in the page I was trying to go to into the CGI.SCRIPT_NAME i.e. MyOrders.cfm and I am taken to that page if my login succeeds.

But if I want the user to always go to "startuppage.cfm" when they successfully log in then I would not use CGI.SCRIPT_NAME, but would actually put the startuppage.cfm into the cflocation since I do not want the user going where they were trying to go, but to instead go to my startup page.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now