[nycphp-talk] ColdFusion Question

DeWitt, Michael mjdewitt at alexcommgrp.com
Thu Feb 20 09:54:54 EST 2003


Hans,

It looks like you have gotten some info already on encrypting the data.
Here are my two bits:

The remote address in ColdFusion seems to be cgi.remote_addr from
(http://www.evolt.org/article/Session_Hijacking_Cold_Fusion_Dynamic_Proxies/20/3516/?format=print)

and for more encryption dlls (free) for IIS check

http://www.developersdex.com/asp/default.asp?p=828

Mike



> -----Original Message-----
> From:	Hans Zaunere [SMTP:hans at nyphp.org]
> Sent:	Thursday, February 20, 2003 9:22 AM
> To:	NYPHP Talk
> Subject:	[nycphp-talk] ColdFusion Question
> 
> 
> OK, no comments please  :)
> 
> I'm now in charge of CF development, and while things have been moving
> "well" there's one issue I can't seem to get past easily.
> 
> Basically there is a CF app on IIS under Windows 2000 with a login process
> that I have no control over, nor access to.  My only ability is to place a
> link on the protected CF page that will bring the user to a PHP app on a
> Linux server across campus, which also needs to know who the user is.
> 
> The most obvious way to do this is to create the link in the CF app to
> contain a GET variable with the username in it.  OK fine, this would work,
> albeit weak.  Of course, we're dealing with computer illiterate medical
> students, so 9 times out of 10 this would suffice.
> 
> Yet, it scares me, so I want to add a couple additional checks.  Basically
> my question is, how could I get a MAC address, CPU ID, or some other
> identifying tag (not IP) from the IIS server, which I would then pass in
> the URL to my application.
> 
> Additionally, to keep the pesky students in check, I'd like to encode the
> information so it becomes less obvious to them what we're doing.  Ideally,
> I'd like PHP's base64_encode() functionality.  Also, does ColdFusion have
> anything like PHP's serialize() ?
> 
> Security through obscurity, gotta love it.  Other ideas are welcome, but
> we are dealing with a considerably limited environment.  And CF code
> examples would be greatly appreciated  :)
> 
> Thank you,
> 
> H
> 
> 
> 
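
The handoff discussed in this thread carries the username in a GET parameter obscured with base64, which any user can decode and rewrite. As an added example that is not part of the original thread, the PHP below accepts the username only when it arrives with a valid HMAC and an unexpired timestamp. The shared key, the `user|expiry` layout and all function names are assumptions; the issuing function is written in PHP only so the block runs by itself, and the ColdFusion page would have to emit the same format.

```php
<?php
// Added example; key, token layout and function names are assumptions.
const SHARED_KEY = 'constructed-demo-key-change-me'; // constructed sample secret

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): ?string {
    $txt = strtr($txt, '-_', '+/');
    $pad = (4 - strlen($txt) % 4) % 4;               // restore stripped padding
    $bin = base64_decode(str_pad($txt, strlen($txt) + $pad, '='), true);
    return $bin === false ? null : $bin;
}

// Issuing side: token = base64url(user|expiry) . "." . base64url(HMAC-SHA256)
function issue_token(string $user, int $ttl, int $now): string {
    $payload = $user . '|' . ($now + $ttl);
    $mac = hash_hmac('sha256', $payload, SHARED_KEY, true);
    return b64url_encode($payload) . '.' . b64url_encode($mac);
}

// Receiving side: returns the username, or null if the token is rejected.
function verify_token(string $token, int $now): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    $payload = b64url_decode($parts[0]);
    $mac     = b64url_decode($parts[1]);
    if ($payload === null || $mac === null) return null;
    $expected = hash_hmac('sha256', $payload, SHARED_KEY, true);
    if (!hash_equals($expected, $mac)) return null;  // altered or forged
    $pos = strrpos($payload, '|');                   // last '|' precedes expiry
    if ($pos === false) return null;
    if ($now > (int) substr($payload, $pos + 1)) return null; // link too old
    return substr($payload, 0, $pos);
}

$now  = 1045752894;                                  // constructed timestamp
$good = issue_token('jsmith', 60, $now);
// What base64 alone permits: a user rewrites the name and re-encodes it.
$forged = b64url_encode('admin|' . ($now + 60)) . '.' . b64url_encode('guess');

var_dump(verify_token($good, $now + 10));    // valid link, within lifetime
var_dump(verify_token($good, $now + 120));   // same link after expiry
var_dump(verify_token($forged, $now));       // re-encoded payload, no key
```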


