NYCPHP Meetup

[nycphp-talk] ColdFusion Question

Brian brian at preston-campbell.com
Thu Feb 20 09:32:03 EST 2003


I have been working on an SNMP project in VB (also, no comments please...) and 
a lot of usable data is passed by an SNMP agent.  You can get a Win32 agent 
from a Win2K disk and of course there are free agents for Linux servers as 
well.  I have not looked for SNMP projects in PHP but I bet you could find 
something on Sourceforge that would suite your purposes. (Look into BER 
decoding as a start).

With the right code, you could easily obtain the MAC address of the 
originating server and check that against your MAC address on record.  
Although encryption might be difficult to handle in this case, what med 
student would be sniffing packets on port 161?

Just a thought since SNMP is new to me, but someone may have a better idea 
that would be easier to implement.

Brian

On Thursday 20 February 2003 09:22 am, Hans Zaunere wrote:
> OK, no comments please  :)
>
> I'm now incharge of CF development, and while things have been moving
> "well" there's one issue I can't seem to get past easily.
>
> Basically there is a CF app on IIS under Windows 2000 with a login process
> that I have no control over, nor access to.  My only ability is to place a
> link on the protected CF page that will bring the user to a PHP app on a
> Linux server across campus, which also needs to know who the user is.
>
> The most obvious way to do this is to create the link in the CF app to
> contain a GET variable with the username in it.  OK fine, this would work,
> albeit weak.  Of course, we're dealing with computer illiterate medical
> students, so 9 times out of 10 this would suffice.
>
> Yet, it scares me, so I want to add a couple additional checks.  Basically
> my question is, how could I get a MAC address, CPU ID, or some other
> identifying tag (not IP) from the IIS server, which I would then pass in
> the URL to my application.
>
> Additionally, to keep the pesky students in check, I'd like to encode the
> information so it becomes less obvious to them what we're doing.  Ideally,
> I'd like PHP's base64_encode() functionality.  Also, does ColdFusion have
> anything like PHP's serialize() ?
>
> Security through obscurity, gotta love it.  Other ideas are welcome, but we
> are dealing with a considerably limited environment.  And CF code examples
> would be greatly appreciated  :)
>
> Thank you,
>
> H
>
>
> --- Unsubscribe at http://nyphp.org/list/ ---





More information about the talk mailing list