Vote count: 0
I have a coldfusion login form (by using a coldfusion form, where I have a simple cfif or cfelse statement). I noticed today that you can bypass this form entirely by using a proxy.
Can anyone point me in the direction (keywords, methods, tutorials) of ensuring proxies can't view the site, without having to login as well?
This is the process
<cfset this_password = "password">
<cfif form.password neq "password" or form.username neq "login">
<cflocation url="doorway_page_For_the_Key.cfm?status=le">
<cfelse>
<cflock scope="session" timeout="10">
<cfset session.valid_user = "yes">
</cflock>
<cflocation url="home.cfm" addtoken="no">
</cfif>
Thanks
asked 1 min ago
Web Proxy bypasses coldfusion login form to site
Aucun commentaire:
Enregistrer un commentaire