Hiding URL Variables - Coldfusion - Advanced Techniques

  1. #1

    Hiding URL Variables

    Hi,

    Is there an easy way to hide variables passed in URLs? Here is my
    application.cfm that is used to login. Sometimes you can see the driver number
    and password in the Netscape window as part of the URL. Someone looking over
    the shoulder could learn someone else's login information.

    Thanks,

    -Mark-

    <CFAPPLICATION NAME="YCC_Drivers" CLIENTMANAGEMENT="Yes"
    SESSIONMANAGEMENT="Yes" SESSIONTIMEOUT="#CreateTimeSpan(0,0,30,0)#"
    APPLICATIONTIMEOUT="#CreateTimeSpan(0,0,30,0)#">

    <!--- Check to see if the Driver is logging on --->

    <CFIF #ParameterExists(LoginName)# is "Yes">

    <!--- Query retrieves user information for database --->

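    <!--- Bind the submitted values as parameters instead of splicing them into the SQL text --->
    <CFQUERY NAME="CheckName" DATASOURCE="YCC_Drivers">
    SELECT * FROM Drivers
    WHERE DriverNumber = <CFQUERYPARAM VALUE="#LoginName#" CFSQLTYPE="CF_SQL_VARCHAR">
    AND Password = <CFQUERYPARAM VALUE="#Password#" CFSQLTYPE="CF_SQL_VARCHAR">
    </CFQUERY>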


    <!--- If there is no information in the database that matches the user entered
    information, reject the authorization --->

    <CFIF #CheckName.RecordCount# is 0>

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <title>Failed Security</title>
    <meta name="Description" content="">
    <meta name="Keywords" content="">
    <base href="" target="_self">
    <style type="text/css">
    BODY {
    color: #000080;
    font-family: Verdana, Arial, sans-serif;
    font-size: x-small;
    text-align: justify;
    scrollbar-3dlight-color : #999999;
    scrollbar-arrow-color : Yellow;
    scrollbar-base-color : #666666;
    scrollbar-darkshadow-color : Black;
    scrollbar-face-color : #666666;
    scrollbar-highlight-color : #999999;
    scrollbar-shadow-color : #999999;
    scrollbar-track-color : #8B8B8B;
    background-color: #000080;
    }

    table {
    font-family: Verdana, Arial, sans-serif;
    font-size: x-small;
    text-align: justify;
    }
    </style>
    </head>
    <body bgcolor="#000080" text="#FFFFFF" link="#FFFFFF" vlink="#FFFFFF"
    alink="#FFFFFF">
    <BR>
    <BR>
    <CENTER>
    <FONT SIZE="+1"><B>Invalid LogIn Information</B></FONT><BR>
    <BR>
    <B>You Have Entered Invalid LogIn Information. Try Again?</B><BR>
    <BR>
    <A HREF="http://128.242.115.144/login.html" TARGET="_self"><B>Return to LogIn
    Page</B></A>
    </CENTER>
    </BODY>
    </HTML>

    <CFABORT>

    <!--- If the user is in the database, set the Client variable. It can be used
    in future security checks --->
    <CFELSE>

    <CFSET #Session.User_ID# = #CheckName.DriverNumber#>
    <CFSET #Session.Password# = #CheckName.Password#>


    </CFIF>

    <!--- If the user is not logging on at this time --->

    <CFELSE>

    <!--- If no Session variable exists, reject the user --->

    <CFIF #ParameterExists(Session.User_ID)# is "No">
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <title>Failed Security</title>
    <meta name="Description" content="">
    <meta name="Keywords" content="">
    <base href="" target="_self">
    <style type="text/css">
    BODY {
    color: #000080;
    font-family: Verdana, Arial, sans-serif;
    font-size: x-small;
    text-align: justify;
    scrollbar-3dlight-color : #999999;
    scrollbar-arrow-color : Yellow;
    scrollbar-base-color : #666666;
    scrollbar-darkshadow-color : Black;
    scrollbar-face-color : #666666;
    scrollbar-highlight-color : #999999;
    scrollbar-shadow-color : #999999;
    scrollbar-track-color : #8B8B8B;
    background-color: #000080;
    }

    table {
    font-family: Verdana, Arial, sans-serif;
    font-size: x-small;
    text-align: justify;
    }
    </style>
    </head>
    <body bgcolor="#000080" text="#FFFFFF" link="#FFFFFF" vlink="#FFFFFF"
    alink="#FFFFFF">
    <DIV ALIGN="center">
    <BR>
    <BR>
    <CENTER>
    <FONT SIZE="+1"><B>Session Timed-Out or Invalid Information!</B></FONT><BR>
    <BR>
    <B>Your Session has Timed-Out, or you have Entered Invalid Information.
    <BR>Return to the LogIn Page and Re-Enter the Application.</B><BR>
    <BR>
    <A HREF="http://128.242.115.144/login.html" TARGET="_self"><B>Return to LogIn
    Page</B></A>
    </CENTER>
    </DIV>
    </BODY>
    </HTML>

    <CFABORT>

    <!--- If there is a Session variable, check it against the database --->

    <CFELSE>

    <!--- This query retrieves information about the user based upon the ID stored
    in the Session variable --->

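    <CFQUERY NAME="CheckSession" DATASOURCE="YCC_Drivers">
    SELECT * FROM Drivers WHERE
    (DriverNumber = <CFQUERYPARAM VALUE="#Session.User_ID#" CFSQLTYPE="CF_SQL_VARCHAR">)
    AND (Password = <CFQUERYPARAM VALUE="#Session.Password#" CFSQLTYPE="CF_SQL_VARCHAR">)
    </CFQUERY>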

    <!--- If the user is not in the database, reject them --->

    <CFIF #CheckSession.RecordCount# is 0>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <title>Failed Security</title>
    <meta name="Description" content="">
    <meta name="Keywords" content="">
    <base href="" target="_self">
    <style type="text/css">
    BODY {
    color: #000080;
    font-family: Verdana, Arial, sans-serif;
    font-size: x-small;
    text-align: justify;
    scrollbar-3dlight-color : #999999;
    scrollbar-arrow-color : Yellow;
    scrollbar-base-color : #666666;
    scrollbar-darkshadow-color : Black;
    scrollbar-face-color : #666666;
    scrollbar-highlight-color : #999999;
    scrollbar-shadow-color : #999999;
    scrollbar-track-color : #8B8B8B;
    background-color: #000080;
    }

    table {
    font-family: Verdana, Arial, sans-serif;
    font-size: x-small;
    text-align: justify;
    }
    </style>
    </head>
    <body bgcolor="#000080" text="#FFFFFF" link="#FFFFFF" vlink="#FFFFFF"
    alink="#FFFFFF">
    <BR>
    <BR>
    <CENTER>
    <FONT SIZE="+1"><B>Session Timed-Out or Invalid Information!</B></FONT><BR>
    <BR>
    <B>Your Session has Timed-Out, or you have entered Invalid Information.
    <BR>Return to the LogIn Page and Re-Enter the Application.</B><BR>
    <BR>
    <A HREF="http://128.242.115.144/login.html" TARGET="_self"><B>Return to LogIn
    Page</B></A>
    </CENTER>
    </BODY>
    </HTML>
    <CFABORT>
    <CFELSE>
    <CFSET #Session.User_ID# = #CheckSession.DriverNumber#>
    </CFIF>
    </CFIF>
    </CFIF>

    MJP22 Guest

  2. #2

    Re: Hiding URL Variables

    MJP22 wrote: 

    Don't use form method="GET"; use form method="POST" for login forms.

    --
    <mack />


    Neculai Guest

  3. #3

    Re: Hiding URL Variables

    Can't get much simpler than that . . .

    Thanks,

    -Mark-
    MJP22 Guest

  4. #4

    Re: Hiding URL Variables

    Another way to hide url variables is to use a hidden frame to "wrap" the page
    that is passing variables.

    The form solution works if you are working with forms, but if you want to use
    url variables in say, <cflocation url=mypage.cfm?var1=this&var2=that> you don't
    have a post/get option.

    Therefore put nothing (or something) in a top frame to the page and open the
    pages in a bottom frame. The address bar will retain the address of the top
    frame. Beware that a knowledgeable user could right click in the bottom frame
    and select properties to see the url with the variables, but most won't have a
    clue.

    Stealth Guest
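
Added example, not part of the thread or of any poster's code: an application.cfm login check that accepts credentials only from the POST body, as reply #2 suggests, and carries the logged-in state in the Session scope rather than in URL variables, which is the cflocation case reply #4 raises. The page names index.cfm and home.cfm, the varchar column types and the form field layout are assumptions.

```cfml
<!--- Added example (assumptions: login.html contains
      <form action="index.cfm" method="post"> with fields LoginName and
      Password; index.cfm and home.cfm are hypothetical page names). --->
<cfapplication name="YCC_Drivers" sessionmanagement="Yes"
    sessiontimeout="#CreateTimeSpan(0,0,30,0)#">

<!--- Refuse credentials that arrive in the query string, so a bookmarked or
      hand-typed URL containing a password never logs anyone in. --->
<cfif structKeyExists(url, "LoginName") or structKeyExists(url, "Password")>
    <cflocation url="login.html" addtoken="no">
</cfif>

<!--- A login attempt is accepted only from the Form scope (POST body). --->
<cfif structKeyExists(form, "LoginName") and structKeyExists(form, "Password")>

    <!--- Table and column names follow the thread; the varchar types are
          an assumption. Values are bound, not concatenated into the SQL. --->
    <cfquery name="CheckName" datasource="YCC_Drivers">
        SELECT DriverNumber
        FROM Drivers
        WHERE DriverNumber = <cfqueryparam value="#form.LoginName#" cfsqltype="cf_sql_varchar">
          AND Password = <cfqueryparam value="#form.Password#" cfsqltype="cf_sql_varchar">
    </cfquery>

    <cfif CheckName.RecordCount is 0>
        <cflocation url="login.html" addtoken="no">
    </cfif>

    <!--- Keep only the driver number server-side. The password is not copied
          into the session, and nothing is appended to the redirect URL. --->
    <cfset Session.User_ID = CheckName.DriverNumber>
    <cflocation url="home.cfm" addtoken="no">
</cfif>

<!--- Every other request must already belong to a logged-in session. --->
<cfif not structKeyExists(Session, "User_ID")>
    <cflocation url="login.html" addtoken="no">
</cfif>
```

Pages reached after the redirect read Session.User_ID directly, so the address bar shows only the page name.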
