The server sets it when the person authenticates to the server login. So you just define the directory as restricted in the web server configuration, then when a person requests anything in that directory or lower, the web server intercepts it before anything else does and asks for a login.
The CF app can then read the #cgi.remote_user# variable and compare that against a database of users for personalization if you like. -Kevin > -----Original Message----- > From: Kola Oyedeji [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 11:19 AM > To: CF-Talk > Subject: RE: Login/Password screen > > > Kevin > > How is CGi.remote_user set? > > > Kola > > >> -----Original Message----- > >> From: Kevin Graeme [mailto:[EMAIL PROTECTED]] > >> Sent: 13 December 2002 16:04 > >> To: CF-Talk > >> Subject: RE: Login/Password screen > >> > >> It's not a browser issue so much as on the server. The server stores > a > >> set > >> of cgi.something variables that can be asked for by CF. We used to > use > >> cgi.auth_user, but when we switched over to Apache, that wasn't a > valid > >> cgi > >> variable anymore. Now we use cgi.remote_user. > >> > >> -Kevin > >> > >> > -----Original Message----- > >> > From: Kola Oyedeji [mailto:[EMAIL PROTECTED]] > >> > Sent: Friday, December 13, 2002 9:36 AM > >> > To: CF-Talk > >> > Subject: RE: Login/Password screen > >> > > >> > > >> > That's a good idea, does cgi.remoteuser work with all major > browsers or > >> > just i.e.? > >> > > >> > Thanks > >> > Kola > >> > > >> > >> -----Original Message----- > >> > >> From: Kevin Graeme [mailto:[EMAIL PROTECTED]] > >> > >> Sent: 13 December 2002 14:33 > >> > >> To: CF-Talk > >> > >> Subject: RE: Login/Password screen > >> > >> > >> > >> Keep in mind that a CF based authentication system is only > checked > >> > >> against > >> > >> if the user hits a CFM page. That's fine for certain types of > >> > projects, > >> > >> but > >> > >> not for actual file security. So if you have a directory of > images > >> in > >> > the > >> > >> "secure" area, a person could link directly to an image and > bypass > >> > the > >> > >> login > >> > >> altogether because a .gif doesn't reference the Application.cfm > >> > first. > >> > >> > >> > >> We've been using the server level authentication and then using > cf > >> to > >> > >> check > >> > >> against the cgi.remote_user to see who it is. That means that > ANY > >> > attempt > >> > >> to > >> > >> get in at that protected area has to be authenticated against > with > >> > the > >> > >> server. > >> > >> > >> > >> -Kevin > >> > >> > >> > >> > -----Original Message----- > >> > >> > From: FlashGuy [mailto:[EMAIL PROTECTED]] > >> > >> > Sent: Friday, December 13, 2002 6:43 AM > >> > >> > To: CF-Talk > >> > >> > Subject: Login/Password screen > >> > >> > > >> > >> > > >> > >> > Hi, > >> > >> > > >> > >> > I know there are alot of custom tags out there that will do > what > >> > >> > I'm looking for but I want the best one. So this is why I'm > >> > >> > asking all of you hoping you've had > >> > >> > some experience with some of them. I'd like everything stored > in > >> > >> > a database. I know some don't do that. Bascially, once the > user > >> > >> > enters in their > >> > >> > username/password they are redirected to a URL on the server > >> > >> > based on the authentication. > >> > >> > > >> > >> > I have one called <CF_EzPassword> but was wondering if there > are > >> > >> > any better ones? > >> > >> > > >> > >> > Thanks > >> > >> > > >> > >> > > >> > >> > --------------------------------------------------- > >> > >> > Colonel Nathan R. Jessop > >> > >> > Commanding Officer > >> > >> > Marine Ground Forces > >> > >> > Guatanamo Bay, Cuba > >> > >> > --------------------------------------------------- > >> > >> > > >> > >> > > >> > >> > > >> > >> > > >> > >> > > >> > >> > >> > > >> > > >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
