[nycphp-talk] ColdFusion Question
mjdewitt at alexcommgrp.com
Thu Feb 20 09:54:54 EST 2003
It looks like you have gotten some info already on encrypting the data.
Here are my two bits:
The remote address in cold fusion seems to be cgi.remote_addr from
and for more encryption dlls (free) for IIS check
> -----Original Message-----
> From: Hans Zaunere [SMTP:hans at nyphp.org]
> Sent: Thursday, February 20, 2003 9:22 AM
> To: NYPHP Talk
> Subject: [nycphp-talk] ColdFusion Question
> OK, no comments please :)
> I'm now incharge of CF development, and while things have been moving
> there's one issue I can't seem to get past easily.
> Basically there is a CF app on IIS under Windows 2000 with a login process
> that I have no control over, nor access to. My only ability is to place a
> link on the protected CF page that will bring the user to a PHP app on a
> Linux server across campus, which also needs to know who the user is.
> The most obvious way to do this is to create the link in the CF app to
> contain a GET variable with the username in it. OK fine, this would work,
> albeit weak. Of course, we're dealing with computer illiterate medical
> students, so 9 times out of 10 this would suffice.
> Yet, it scares me, so I want to add a couple additional checks. Basically
> question is, how could I get a MAC address, CPU ID, or some other
> tag (not IP) from the IIS server, which I would then pass in the URL to my
> Additionally, to keep the pesky students in check, I'd like to encode the
> information so it becomes less obvious to them what we're doing. Ideally,
> I'd like PHP's base64_encode() functionality. Also, does ColdFusion have
> anything like PHP's serialize() ?
> Security through obscurity, gotta love it. Other ideas are welcome, but
> are dealing with a considerably limited environment. And CF code examples
> would be greatly appreciated :)
> Thank you,
> --- Unsubscribe at http://nyphp.org/list/ ---
More information about the talk