Ask a Question related to Coldfusion - Advanced Techniques, Design and Development.
-
Richard Mossman #1
How do I bypass an Application.cfm file?
I have an application that uses the CF Security Framework (Application.cfm,
cflogin, cfloginuser), Apache, and MySQL to handle the log in process. It
works fine.
But, that assumes the username/password exists in the database. I want to
implement a link from the login page that allows a person to go to a
new_user.cfm form, put in their personal information, and insert the data into
the database. The action page then calls a logout page which does a cflogout
and the login page is redisplayed. The new user now has a valid record and can
log in to the application. The application uses "roles" and the new user is
preassigned at the lowest level of access.
Right now, because Application.cfm is called for every page, the new user
selects the link, but (because there isn't yet a valid login) the login page is
redisplayed instead of the new_user.cfm page. If someone with a valid
username/password logs in, the application does jump straight to the
new_user.cfm page and the database insert (and subsequest cflogout) happens
correctly.
I've tried putting various traps in various places in the login page and
Application.cfm code, but nothing seems to work.
If I have to, I will write my own login page, but I have a lot of session,
cookie, and client variables that are set in Application.cfm and would rather
continue to use that process.
Thanks in advance
Richard Mossman Guest
-
Bypass forms authentication
My application uses forms-based authentication. In my .NET project I have a subfolder to store forms that display user-friendly error messages to... -
Bypass Print Dialog
Hi all, I'm building a ticketing system for a minor league baseball team and of course it will utilize a ticket printer. I was wondering if there... -
Workstation Bypass
I'm running windows XP on a Netware Network, after I enter the netware password and user name, I am prompted for a workstation password and user... -
Password Bypass
Using a computer with various people, I have discovered that one person has found it possible to bypass my password protect using a function key to... -
Bypass validation on cancel
Can anyone point me to some documentation on bypassing validation controls when a user selects cancel? What I have is a user control with a form... -
MikerRoo #2 Re: How do I bypass an Application.cfm file?
There are lot's of ways to do this. However, you do NOT want to add a URL
parameter for this kind of thing.
A quick and dirty way is to add the following kind of logic to your
Application.cfm or Application.cfc:
<CFSET sInsecureFileOrDirectory = "new_user.cfm">
<CFIF 0 NEQ FindNoCase (CGI.SCRIPT_NAME, sInsecureFileOrDirectory)>
<!--- Free pass file or directory. If no further processing needed you
can just use the <CFEXIT> tag --->
...
<CFELSE>
*** Normal login stuff here ***
</CFIF>
MikerRoo Guest
-
MikerRoo #3 Re: How do I bypass an Application.cfm file?
Above comment should read "If no further processing, inside Application.cfm, is needed....".
MikerRoo Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
