RE: Opera and cgi.HTTP_REFERER

2002-05-13 Thread Dave Watts

> I have a page which allows access only if a user is coming 
> from a specific page, and I use http_referer to grant or deny 
> access.  But I don't think Opera gives this variable.  Can 
> anyone else verify that?   And how do you get around it? 
> 
> The situation is people buy access to an article or series 
> of articles through an online shop, and I am reasoning that 
> if they have got as far as page 101625, they must have paid 
> or been given appropriate access. (that means I can leave it 
> to the guy who looks after page 101625 to make sure he 
> restricts access appropriately. The code I'm using is as 
> follows:   
> 
> 

even though there's no variable called CGI.FOO_BAR.

Second, and more important, you can't rely on CGI.HTTP_REFERER for any
serious security anyway, since it's sent by the browser, and can easily be
set to whatever value the end user wants it to be (typically, they'd set it
to the value that you're expecting, I suppose).

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
__
Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. http://www.fusionauthority.com/ads.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
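
An added example, not part of the original thread or anyone's posted code: it contrasts the Referer test from the question with a check the client cannot satisfy by choosing a header value, namely an expiring HMAC-signed token that the shop issues after payment and the article page verifies. It is written in Python rather than CFML so it can be run stand-alone; the function names, the shared secret and the sample values are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import time

# Constructed key for this example. In practice: a long random secret known
# only to the shop and to the server that delivers the articles.
SECRET = b"example-only-shared-secret"


def _sign(article_id, expires):
    """HMAC-SHA256 over the article ID and expiry, hex encoded."""
    msg = f"{article_id}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(article_id, now=None, ttl=900):
    """Shop side: call only after payment succeeds. Returns 'expiry.signature'."""
    expires = int((time.time() if now is None else now) + ttl)
    return f"{expires}.{_sign(article_id, expires)}"


def referer_check(referer, article_id):
    """The approach from the question: trusts a header the browser supplies."""
    return article_id in referer


def token_check(token, article_id, now=None):
    """Article side: accept only an unexpired token signed for this article."""
    try:
        expires_text, sig = token.split(".", 1)
        expires = int(expires_text)
    except ValueError:
        return False  # malformed token
    expected = _sign(article_id, expires)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    return (time.time() if now is None else now) <= expires


if __name__ == "__main__":
    # Constructed sample values.
    print(referer_check("http://shop.example/page?ID=A123", "A123"))  # any client can send this
    token = issue_token("A123")
    print(token_check(token, "A123"), token_check(token, "B456"))
```

The token travels in the link or redirect from the shop to the article, so the check also works for browsers and proxies that omit the Referer header.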



RE: Opera and cgi.HTTP_REFERER

2002-05-13 Thread David Armstrong

Hi Michael,

I've checked out Opera for you and yup, cgi.HTTP_REFERER exists. In
regards to your code, all I would do is rewrite it like this, but that
doesn't affect how it works in the browser:

...

Rgds

Dave A.

-Original Message-
From: Michael Kear [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 13, 2002 9:14 AM
To: CF-Talk
Subject: Opera and cgi.HTTP_REFERER 


I have a page which allows access only if a user is coming from a
specific page, and I use http_referer to grant or deny access.  But I
don't think Opera gives this variable.  Can anyone else verify that?
And how do you get around it? 

The situation is people buy access to an article or series of articles
through an online shop, and I am reasoning that if they have got as far
as page 101625, they must have paid or been given appropriate access.
(that means I can leave it to the guy who looks after page 101625 to
make sure he restricts access appropriately.  The code I'm using is as
follows:   


(#HTTP_REFERER# contains "#articleID#")
OR

(#HTTP_REFERER# contains "#calcfilename#")
)

>


 




http://www.mydomain.com/goArticle.asp?ID=#articleID#&p=01";>




Can anyone see the flaw in this snippet that lets it work for IE and NN
but not for Opera?

Cheers
Mike Kear
AFP Webworks
Windsor, NSW, Australia
 

