Cold Fusion.. For Real
Hans Zaunere
hans at nyphp.org
Mon Mar 3 16:29:58 EST 2003
My apologies for leaving all the fine answers to my previous post hanging
over the weeks, however just as I was about to sit down and begin coding, the
ColdFusion/Oracle/Win2K (COW Technology suite?) server fell to it's knees.
FYI, don't put a virus scanner on Oracle log and database files - I didn't do
it, some other admin did.
So the AMP side of things is done and now it's a matter of tieing the two
together. One problem that remains, however, is the limited reach, and
unlimited liability, I have with the COW server.
Chris, your idea of fingerprinting the browser's request header is great, and
something I'll use in the future, as are the other techniques of generating a
key of sorts and passing it around (I don't have any access to a DB on the CF
side so I have no persistence aside from a GET or POST).
The problem I see, as you eluded to Adam, is the lack of a MD5 function
builtin to CF. Is this really the case? I may seem like I'm being pedantic,
but I need to leave the slightest footprint [impression] on the CF side... no
additional files, DB access, etc. I'm limited to this because the CF piece
is not mine, and as I found out during the server fiasco, the ISV is *very*
quick to point the finger.
So I'm left with only being able to put a tiny link, minimally generated by
builtin CF functionality. Hence, my thinking a MAC address would at least be
enough to force most medical students into logging into the CF page first,
while keeping even this ISV from placing blame.
I know this seems like a brain teaser folks; but because it is :)
Thanks,
Hans
More information about the talk
mailing list