lundi 20 avril 2015

Web Proxy bypasses coldfusion login form to site

Vote count: 0

I have a coldfusion login form (by using a coldfusion form, where I have a simple cfif or cfelse statement). I noticed today that you can bypass this form entirely by using a proxy.

Can anyone point me in the direction (keywords, methods, tutorials) of ensuring proxies can't view the site, without having to login as well?

This is the process

<cfset this_password = "password">
<cfif form.password neq "password" or form.username neq "login">
<cflocation url="doorway_page_For_the_Key.cfm?status=le">
<cfelse>
<cflock scope="session" timeout="10">
    <cfset session.valid_user = "yes">
</cflock>
<cflocation url="home.cfm" addtoken="no">
</cfif>

Thanks

asked 1 min ago



Web Proxy bypasses coldfusion login form to site

Aucun commentaire:

Enregistrer un commentaire