You could always put in the necessary closing tags before the CFABORT...
> -----Original Message-----
> From: Justin Scott [SMTP:[EMAIL PROTECTED]]
> Sent: 23 May 2002 16:16
> To: CF-Talk
> Subject: Re: page security using <cfabort>
>
> You might think about using a CFLOCATION instead to redirect to an
> "unauthorized" page that will have a full set of HTML. Using CFABORT in
> the
> middle of the page like that will cause the closing tags to get cut off
> and
> some browsers will freak out and not even display the message at all.
>
> As for the security itself, it looks ok, but there's no way to tell for
> certain if something is "secure" or not without seeing all of the code
> that
> touches those variables.
>
> -Justin Scott, Lead Developer
> Sceiron Internet Services, Inc.
> http://www.sceiron.com
>
>
> ----- Original Message -----
> From: "Jeff Brown" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Thursday, May 23, 2002 11:07 AM
> Subject: page security using <cfabort>
>
>
> > I am planning on adding role based page level security to my application
> by
> > adding this chunk of code to every page:
> >
> > <body>
> > <cfif ListFindNoCase("AllowedRole1,AllowedRole2,AllowedRole3",
> > #session.user_role#, ",") EQ 0>
> > You are not authorized to view this page. <cfabort>
> > </cfif>
> >
> > .. [page content] ...
> >
> > </body>
> >
> > Session.user_role is set when the user logs in to the app. Is this a
> fairly
> > standard way to do it? Certain pages should not be viewable by certain
> > roles, can anyone think of an instance where a user could get past this?
> > TIA.
> >
> > v/r,
> > Jeff
> >
>
______________________________________________________________________
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
