Kevin,

Unless you can go the PKI route (which I highly doubt since it's darn near
impossible to implement even in a closed system let alone a public one...
but I digress..) I don't think you'll be able to do something like this
without compromising security.  I think you're stuck with YAP.  

What I would recommend is that you use cookies to manage this.  Use a GUID
or encrypted string and store that in a cookie (you've seen the check boxes
where they say "remember me...") with a corresponding value in the database.
When the user hits the login page, check for the cookie and if it exists,
the user will be automatically logged in.  This is location-based security
at its worst, but it's a nice workaround for those that don't want to
remember all those darn passwords.  This would thwart the casual user who
may have been forwarded the mail since they wouldn't have the cookie and
couldn't get one unless they logged in successfully.

HTH,

Jeff Garza
Webmaster/Lead Developer
Spectrum Astro, Inc.
[EMAIL PROTECTED]

-----Original Message-----
From: Parker, Kevin
To: CF-Talk
Sent: 7/24/01 6:05 PM
Subject: User authentication

Can someone offer a little advice here please?

I am converting a paper-based newsletter to an electronic newsletter
(e-mail based). Very broadly, users will have the ability to elect to
receive as Plain Text or HTML, change their e-mail address etc. What I
planned on doing was embedding in the e-mail a link to the
subscription/member system so that users can open a page that allows
them to only change their details. This would mean that each e-mail
that went out would have to contain the unique key that gives that
recipient access to their details only. I am trying to avoid giving
them a YAP (Yet Another Password). This seems OK except where the
subscriber may forward the e-mail to someone else because then they
would be passing their key to that person (who is not a subscriber and
could alter the forwarder's details).

Any advice or suggestions please. TIA!


****

Kevin Parker
Web Services Manager
WorkCover Corporation

[EMAIL PROTECTED]

www.workcover.com

p: +61 8 82332548
f: +61 8 82332000
m: 0418 806 166
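
The "remember me" cookie suggested in the reply at the top of this thread, sketched as an added example (not code from either poster). It assumes a selector/validator split so the database keeps only a hash of the secret part; `RememberMeStore`, `issue`, `redeem` and `TOKEN_TTL` are hypothetical names, and a dictionary stands in for the database table.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 30 * 24 * 3600  # assumed lifetime: 30 days


def _digest(validator):
    return hashlib.sha256(validator.encode()).hexdigest()


class RememberMeStore:
    """In-memory stand-in for the database table holding the cookie values."""

    def __init__(self):
        # selector -> (subscriber_id, sha256 of validator, expiry timestamp)
        self._rows = {}

    def issue(self, subscriber_id, now=None):
        """Call only after a successful login; returns the cookie value."""
        now = time.time() if now is None else now
        selector = secrets.token_urlsafe(12)   # lookup key, not secret
        validator = secrets.token_urlsafe(32)  # secret, lives only in the cookie
        self._rows[selector] = (subscriber_id, _digest(validator), now + TOKEN_TTL)
        return f"{selector}.{validator}"

    def redeem(self, cookie_value, now=None):
        """Return (subscriber_id, replacement_cookie), or None if not valid."""
        now = time.time() if now is None else now
        selector, _, validator = (cookie_value or "").partition(".")
        row = self._rows.get(selector)
        if row is None:
            return None
        subscriber_id, stored, expires_at = row
        # Constant-time comparison of digests; the raw validator is never stored.
        if not hmac.compare_digest(_digest(validator), stored):
            return None
        del self._rows[selector]  # single use: expired or redeemed, the row goes
        if now > expires_at:
            return None
        return subscriber_id, self.issue(subscriber_id, now)
```

The value returned by `issue` and `redeem` would be sent in a cookie marked Secure and HttpOnly.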




