I am planning on adding role-based, page-level security to my application by
adding this chunk of code to every page:

<body>
<cfif ListFindNoCase("AllowedRole1,AllowedRole2,AllowedRole3",
#session.user_role#, ",") EQ 0>
        You are not authorized to view this page. <cfabort>
</cfif>

.. [page content] ...

</body>

Session.user_role is set when the user logs in to the app.  Is this a fairly
standard way to do it?  Certain pages should not be viewable by certain
roles; can anyone think of an instance where a user could get past this?
TIA.

v/r,
Jeff
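
An added example, not part of the original post: the same role check kept in one Application.cfc, so a page left out of the map is denied rather than left open and a missing session.user_role counts as unauthorized. It generalizes the per-page chunk above; the page paths, the pageRoles map and the isAuthorized helper are assumptions made for illustration.

```cfml
<!--- Application.cfc: added example. Page paths and the pageRoles map are constructed. --->
<cfcomponent output="false">
    <cfset this.name = "RoleCheckExample">
    <cfset this.sessionManagement = true>

    <!--- One place lists which roles may open which page. "*" marks a public page. --->
    <cfset variables.pageRoles = StructNew()>
    <cfset variables.pageRoles["/login.cfm"] = "*">
    <cfset variables.pageRoles["/reports.cfm"] = "AllowedRole1,AllowedRole2,AllowedRole3">
    <cfset variables.pageRoles["/admin.cfm"] = "AllowedRole1">

    <!--- Hypothetical helper: true only when the role is listed for the page. --->
    <cffunction name="isAuthorized" access="public" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfargument name="role" type="string" required="true">
        <cfset var allowed = "">
        <!--- Deny by default: a page missing from the map is closed to everyone. --->
        <cfif NOT StructKeyExists(variables.pageRoles, arguments.targetPage)>
            <cfreturn false>
        </cfif>
        <cfset allowed = variables.pageRoles[arguments.targetPage]>
        <cfif allowed EQ "*">
            <cfreturn true>
        </cfif>
        <!--- An empty or missing role never matches. --->
        <cfif Len(Trim(arguments.role)) EQ 0>
            <cfreturn false>
        </cfif>
        <cfreturn ListFindNoCase(allowed, Trim(arguments.role)) GT 0>
    </cffunction>

    <!--- Runs before every requested page, so no page can skip the check. --->
    <cffunction name="onRequestStart" access="public" returntype="boolean" output="true">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var role = "">
        <cfif StructKeyExists(session, "user_role")>
            <cfset role = session.user_role>
        </cfif>
        <cfif NOT isAuthorized(arguments.targetPage, role)>
            <!--- Send a real 403 before any page content is produced. --->
            <cfheader statuscode="403" statustext="Forbidden">
            <cfoutput>You are not authorized to view this page.</cfoutput>
            <cfabort>
        </cfif>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```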