I use a class called User that is instantiated as a system variable when a User logs in and out. In User I have methods to authenticate User for login and another to authorize access to pages and data within a page.
Andy

-----Original Message-----
From: [EMAIL PROTECTED] [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, September 12, 2003 4:53 PM
To: CF-Talk
Subject: ?id=23

All,

I have an application that passes an id value through a hyperlink that the user clicks on in an e-mail. The id feeds the page and extracts information and populates the form fields with the user's information.

THE PROBLEM: If a user is viewing their customized information with their user id=23, then what would prevent them from viewing other people's information by editing the id value to, say, id=24?

SOLUTIONS: ???

1) Should I scramble the value in some long string and extract a value from it? For example, for id=23 replace it with id=ei38skdh23skdu83 and pull 23 out of the string?
2) Set a cookie that contains the same id value and if the values don't match kick them out to some other page?

Any suggestions would be great.

D-
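An added example, not part of the original thread and not either poster's code: a server-side ownership check in the style of the User class described in the reply, next to an HMAC-signed link token that, unlike a scrambled id, cannot be edited from 23 to 24 without detection. It is written in Python for illustration; `LINK_KEY`, `make_link_token`, `verify_link_token` and `may_view` are hypothetical names, and the key is a constructed demo value.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real one is random and kept server-side.
LINK_KEY = b"demo-key-not-for-production"

def make_link_token(record_id: int, expires_at: int, key: bytes = LINK_KEY) -> str:
    """Build 'id.expiry.mac' for an e-mailed link such as page.cfm?t=<token>."""
    payload = f"{record_id}.{expires_at}"
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"

def verify_link_token(token: str, now: int, key: bytes = LINK_KEY):
    """Return the record id if the token is authentic and unexpired, else None."""
    parts = token.split(".")
    if not token.isascii() or len(parts) != 3:
        return None
    id_str, exp_str, mac = parts
    if not (id_str.isdigit() and exp_str.isdigit()):
        return None
    expected = hmac.new(key, f"{id_str}.{exp_str}".encode(),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison; any edit to id or expiry changes the MAC.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if now > int(exp_str):
        return None
    return int(id_str)

class User:
    """Hypothetical session object holding the logged-in identity."""
    def __init__(self, user_id: int, is_admin: bool = False):
        self.user_id = user_id
        self.is_admin = is_admin

    def may_view(self, record_id: int) -> bool:
        # Decided from the session on every request, never from the URL alone.
        return self.is_admin or record_id == self.user_id

if __name__ == "__main__":
    token = make_link_token(23, expires_at=2000)
    print(verify_link_token(token, now=1000))                      # genuine link
    print(verify_link_token(token.replace("23.", "24.", 1), 1000)) # edited id
    print(User(23).may_view(24))                                   # other user's record
```

The signed token only proves the link came from the application; once the user has a session, the ownership check is what stops id=24 from being served.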