hans at nyphp.org
Thu Feb 20 09:22:24 EST 2003
OK, no comments please :)
I'm now incharge of CF development, and while things have been moving "well"
there's one issue I can't seem to get past easily.
Basically there is a CF app on IIS under Windows 2000 with a login process
that I have no control over, nor access to. My only ability is to place a
link on the protected CF page that will bring the user to a PHP app on a
Linux server across campus, which also needs to know who the user is.
The most obvious way to do this is to create the link in the CF app to
contain a GET variable with the username in it. OK fine, this would work,
albeit weak. Of course, we're dealing with computer illiterate medical
students, so 9 times out of 10 this would suffice.
Yet, it scares me, so I want to add a couple additional checks. Basically my
question is, how could I get a MAC address, CPU ID, or some other identifying
tag (not IP) from the IIS server, which I would then pass in the URL to my
Additionally, to keep the pesky students in check, I'd like to encode the
information so it becomes less obvious to them what we're doing. Ideally,
I'd like PHP's base64_encode() functionality. Also, does ColdFusion have
anything like PHP's serialize() ?
Security through obscurity, gotta love it. Other ideas are welcome, but we
are dealing with a considerably limited environment. And CF code examples
would be greatly appreciated :)
More information about the talk