Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Need some help with added security...

Posted on 2009-04-01
3
498 Views
Last Modified: 2013-12-25
Hello,

I would like to secure my checkout page. I'm using a SSL for the checkout page I have setup however I would like to include in the application.cfm file a way that it checks that nobody can ever get away from the SSL...so....there are two parts to this need.


1. I need to make sure nobody can type in "http://sitedomain.com and continue through the site without the (www) so the user needs to be redirected to http://www.sitedomain.com and continue on any page they navigated to.

2. I need to make sure for my checkout.cfm page that the user can never be on that page unless it's secure.... so... https://www.sitedomain.com 

B
0
Comment
Question by:brihol44
3 Comments
 
LVL 16

Accepted Solution

by:
duncancumming earned 500 total points
ID: 24046174
For the first part, this should work:
<cfif NOT REFind("www.", CGI.HTTP_HOST)>
    <cflocation url="http://www.#CGI.http_host##CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#" addtoken="false">
</cfif>

For the second part, add this to checkout.cfm:


<cfif CGI.HTTPS NEQ "on">
	<cflocation url="https://#CGI.http_host##CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#" addtoken="false">
</cfif>

Open in new window

0
 
LVL 27

Expert Comment

by:azadisaryev
ID: 24046247
CGI variables will help you. specifically, CGI.SERVER_NAME and SGI.SERVER_PORT_SECURE.

put something like this in your Application.cfm file:


<cfif cgi.server_name is 'yoursite.com'><!--- domain requested without WWW --->

 <cflocation url="#iif(cgi.https is 'on' OR cgi.server_port_secure OR listlast(cgi.script_name) is 'checkout.cfm', de('https'), de('http'))#://www.#cgi.server_name & cgi.script_name#?#cgi.query_string#" addtoken="no">
 <cfabort>

<cfelse><!--- domain requested with WWW - check for required https connection --->

 <cfif listlast(cgi.script_name, "/\") is "checkout.cfm" AND (cgi.https is 'off' OR (NOT cgi.server_port_secure))>
  <cflocation url="https://#cgi.server_name & cgi.script_name#?#cgi.query_string#" addtoken="no">
  <cfabort>
 </cfif>

</cfif>

Azadi
0
 

Author Closing Comment

by:brihol44
ID: 31565630
Thanks!  The  solution worked well.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi, Even though I have created this Tutorial on My personal Blog, Some people might not able to find my website, So here i am posting it again Today, from the topic it is very clear that i will be showing you here the very basic usage of how we …
Recently while working on a project I got a very annoying cfdocument has no body error message. I had never seen this error before. So I checked the code. The code was pretty simple; it was Just showing me the cfdocumnt tag and inside that tag a …
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question