Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a scheduled task set up in my coldfusion server admin – every day at a specific time, it calls a certain page on the server.
The problem is, I don’t want this page to be accidentally invoked by someone navigating to it in a browser. Is there any way to make sure that it can only be called by the CF admin?
Check the
cgi.http_user_agent– it should becfschedulewhen called from within cfide or by the schedule.I’m not sure if there is any documentation however it is something we have relied on under both CF8 and CF9. It’s not a
servicefactorycommand – it is the user agent used by the ColdFusion scheduler. Also see answers to this SO question.Note that it can be spoofed – any browser or http agent capable of setting it’s own user agent would pass a test based solely on this value. Consider also using other tests like the the ip address, etc.
An added protection/obfuscation could be to require a specific url parameter (or a series of parameters) which could be hardcoded into the schedule in the administrator reducing, but not eliminating, the risk of url tampering or accidental processing.