[thelist] CF: Security Question

.jeff jeff at members.evolt.org
Sun Jul 28 13:46:01 CDT 2002


> From: Frank
> All directories have an index.cfm that handle  URL/
> request.
> Protected segmentes are protected using Session vars,
> run from the Application file.
> Protected subsections have their own security.
> All action files, such as inserts, deletes and updates
> require a number of specific values to run. (No using
> IsDefined() here).
> Now, how can I prevent someone from accessing a
> component file of one of my fuses though a direct URL
> (who knows how they figure it out, I just want to
> handle it in case they do).
> Is there a way of preventing access to any document
> other than index.cfm from the user while allowing
> Cold Fusion full access to all it needs?  Especially:
> Is there a way short of putting some redirect header
> in each and every single document that I've created?

here's the simple answer.  sure, just throw a bit of code in your application.cfm file that will redirect to index.cfm if index.cfm isn't the requested file.

now for the more complicated answer.  if you're running everything through index.cfm, then why have all the other coldfusion files in a web accessible folder?  just move them and change the way your top level includes work.  now you don't have this hassle at all.


jeff at members.evolt.org

More information about the thelist mailing list