Use cgi.server_name? Be careful

So I just had a random, stray thought. One thing I've done in the past is sniff the current server to determine behavior aspects of my site. So for example, my error handler may do something like this: <cfif findNoCase("dev.", cgi.server_name)> <cfdump var="#exception#"> <cfelse> <p> Something went wrong. Quick - reboot the Tandy. </p> </cfif>

While this works nice, I just ran across a problem with it. If you hit this file on my site:

http://www.coldfusionjedi.com/test4.cfm

You will see I print out cgi.server_name. Now if you go into your HOSTS file and do:

67.59.153.214 baloneypants.com

And then hit the file with:

http://baloneypants.com/test4.cfm

You will notice that the CGI variable now says baloneypants. No big surprise there I guess. But obviously if I knew your code did this, and if I added dev.x.com for x.com, I could use it as a way to "sniff" out differences based on that CGI variable.

Unfortunately I can't think of a nice solution. Sniffing the servername is a handy way to dynamically load settings based on environment. If you can't trust cgi.server_name than you need to do something else - like perhaps sniff something on the machine itself.

Any suggestions?

Like This?

If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support. You can also subscribe to the email feed to get notified of new posts.