One thing to consider - cookies are inherently insecure. They are plain text files and can be manipulated at the client end. It would probably be more secure to set a session variable on login and track that...hope this is helpful
ant
-----Original Message-----
From: Angél Stewart [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 29, 2000 12:12 PM
To: [EMAIL PROTECTED]
Subject: Help again:User/Password Security Framework for Intranet site.
Hello all..it's me again =)
I'm writing a small intranet application that has areas limited to certain users with the correct Security Access Level.
I have a table with Username, Password, and Access Level.
I am thinking, at the top of each page, to put a CFIF script to check for the presence of a cookie called Authenticated, which will be set when the user fills out the Login page at the beginning of the application.
The value of that cookie will be the access level retrieved from the database.
This is what I have in the login page:
__________________________________
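<CFIF IsDefined('form.username')>
    <!--- Look the user up; the form values are bound as parameters, not pasted into the SQL --->
    <cfquery name="verifyuser" datasource="bp2" dbtype="ODBC"
             username="bpamoco" password="bpamoco">
        Select * FROM bpamoco.users
        Where User = <cfqueryparam value="#form.username#" cfsqltype="CF_SQL_VARCHAR">
          AND Password = <cfqueryparam value="#form.password#" cfsqltype="CF_SQL_VARCHAR">
    </cfquery>
    <CFIF verifyuser.recordcount IS 0>
        You have entered an incorrect username and password. Please try again.
        <CFABORT>
    <CFELSE>
        User Verified.
        <!--- Pound signs make this the column value rather than the literal text; the cookie itself is held by the browser --->
        <CFCOOKIE Name="authenticated" Value="#verifyuser.securelevel#">
    </CFIF>
</CFIF>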
_________________________________________
And this is what I have on the Edit Employee page:
_________________________________________
<CFIF NOT IsDefined ('cookie.authenticated')>
You have not successfully logged into the system!<br>
Please enter your login information below!
<CFINCLUDE TEMPLATE="login.cfm">
<CFABORT>
<CFELSE>
<CFIF cookie.authenticated NEQ "Administrator">
You do not have permission to view this page
<CFINCLUDE TEMPLATE=3D"login.cfm">
<CFABORT>
</CFIF>
</CFIF>
_______________________________________
To me this seems..well...dirty.
I know that there is a more elegant way to do this, and I know one of you is just dying to show me the path to enlightenment :-)
-Gel
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
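
The session-variable approach suggested in the reply, as an added example that is not part of either original message: the access level is kept in the server-side session scope instead of a browser-held cookie. The application name `intranet`, the 20-minute timeout, the use of `Application.cfm`, and a datasource whose credentials are configured in the ColdFusion Administrator are assumptions; the table, column and template names are the ones from the question.

```cfml
<!--- Application.cfm (runs before every page): enable server-side sessions.
      The name "intranet" and the 20-minute timeout are assumed values. --->
<CFAPPLICATION NAME="intranet"
               SESSIONMANAGEMENT="Yes"
               SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 20, 0)#">

<!--- login.cfm: when the form is posted, look the user up with bound parameters.
      Datasource credentials are assumed to be set in the ColdFusion Administrator. --->
<CFIF IsDefined("form.username") AND IsDefined("form.password")>
    <CFQUERY NAME="verifyuser" DATASOURCE="bp2">
        SELECT securelevel
        FROM bpamoco.users
        WHERE User = <CFQUERYPARAM VALUE="#form.username#" CFSQLTYPE="CF_SQL_VARCHAR">
          AND Password = <CFQUERYPARAM VALUE="#form.password#" CFSQLTYPE="CF_SQL_VARCHAR">
    </CFQUERY>

    <CFIF verifyuser.recordcount IS 1>
        <!--- The access level is stored on the server; the browser never holds it. --->
        <CFLOCK SCOPE="Session" TYPE="Exclusive" TIMEOUT="10">
            <CFSET session.securelevel = verifyuser.securelevel>
        </CFLOCK>
    <CFELSE>
        You have entered an incorrect username and password. Please try again.
        <CFABORT>
    </CFIF>
</CFIF>

<!--- Top of a protected page such as Edit Employee: read the level from the session. --->
<CFSET level = "">
<CFLOCK SCOPE="Session" TYPE="ReadOnly" TIMEOUT="10">
    <CFIF IsDefined("session.securelevel")>
        <CFSET level = session.securelevel>
    </CFIF>
</CFLOCK>
<CFIF level IS "">
    <!--- No session value: the visitor has not logged in. --->
    <CFINCLUDE TEMPLATE="login.cfm">
    <CFABORT>
<CFELSEIF level NEQ "Administrator">
    You do not have permission to view this page.
    <CFABORT>
</CFIF>
```

ColdFusion still identifies the session through its CFID and CFTOKEN cookies, but those carry only an identifier; editing them does not change the access level stored on the server.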