
Let me start by saying I am not really a full-stack developer and this is out of my scope of understanding. I have tried searching for an answer but I can't find anything relevant. If you have any reasons to share they would be much appreciated!

I am working on a website running on ColdFusion and Framework One. I've been instructed to make a single specific page accessible without authentication. I know this might seem like a bad idea; security-wise, I have no idea how dangerous this really is, but it doesn't seem great. Regardless, those are my instructions.

Where would I even do something like this? Is there some sort of "authenticator" action that I can disable? When visiting a page on the domain while logged out the user is just redirected to the initial login page. Perhaps I can disable this redirect? I've looked in the relevant controller and view pages for the area of the site I'm working on but I can't find anything and it's hard for me to google without much knowledge on the topic to begin with. Any help is greatly appreciated.

Robbie Milejczak
  • If a page does not need to be secured behind some sort of authentication then it should not be under the secure area of the site. Having said that, FW/1 does not have any specific code to secure pages. It is merely a framework that wires things together for you as a developer. The redirecting is happening somewhere in your code base. You have not shared enough details here for us to help you. We would need to see the code. – Miguel-F Sep 25 '17 at 19:13
  • Hm, thank you, that is helpful actually. There isn't really an unsecured area, just the login page, but if I can find the redirect maybe I can put some condition in to stop it. – Robbie Milejczak Sep 25 '17 at 19:28
  • I don't know how familiar you are with ColdFusion but this type of thing is typically done in a file named `Application.cfc` as it is run on every request. Good luck. – Miguel-F Sep 25 '17 at 19:32
  • I should have added... using FW/1 gives you other options for processing during a request. See [this section in the docs as another potential hook](https://github.com/framework-one/fw1/wiki/Developing-Applications-Manual#designing-controllers). Specifically the `before()` method discussion. – Miguel-F Sep 25 '17 at 19:40

1 Answer

Since you state that you don't have experience with ColdFusion this answer is kept simple and does not try to explain how ColdFusion applications work or what an Application scope is in ColdFusion.

  1. Create a sub-folder within your original application folder.
  2. Create your non-secure page within this new sub-folder.
  3. Create another page under the same sub-folder named `Application.cfm` with the following code (it's just a comment, it's an empty page, but it will prevent the code that redirects to login from executing).

Code for `Application.cfm`:

```cfm
<!--- // this folder is not secure --->
```


If this does not work for you because you need access to stuff that is part of the secured application, let me know and I'll update my answer, but it will get a bit more complex: you'll need to find out where the redirection to login takes place, and you'll need to understand what you're doing in ColdFusion.
Alex Baban
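
The comments above point at `Application.cfc` and FW/1's request hooks as the place where the login redirect usually lives. The following is an added sketch, not code from the asker's site or from either poster, of a default-deny check in an FW/1 `Application.cfc` that exempts one page through an explicit allowlist. The application name, the action names (`login.default`, `login.submit`, `public.notice`) and the `session.isLoggedIn` flag are assumptions made for illustration.

```cfml
// Application.cfc: added illustration, assuming the site's Application.cfc extends framework.one
component extends="framework.one" {

    this.name = "exampleApp";            // hypothetical application name
    this.sessionManagement = true;

    // Hypothetical allowlist: the only "section.item" actions reachable without a login.
    // Keep entries lower case; the comparison below lower-cases the requested action.
    variables.publicActions = [ "login.default", "login.submit", "public.notice" ];

    // FW/1 calls setupRequest() at the start of every request it routes.
    function setupRequest() {
        // getSectionAndItem() omits any subsystem prefix; an application that uses
        // subsystems would compare getFullyQualifiedAction() instead.
        var action = lCase( getSectionAndItem() );

        if ( arrayFind( variables.publicActions, action ) ) {
            return; // explicitly public: skip the login check
        }

        // Default deny: every action not listed above needs an authenticated session.
        // session.isLoggedIn is an assumed flag set by the login controller.
        if ( !structKeyExists( session, "isLoggedIn" ) || !session.isLoggedIn ) {
            redirect( "login.default" );
        }
    }
}
```

Matching on the exact action name keeps the exemption to the one page; a prefix or wildcard match would also open every other item in that section.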