All you have to do is incorporate a check against the request's template
directory in your app_globals.cfm or application.cfm to see if the request
is coming from the /admin/ directory. If it is, you check to see if they
are authenticated.
<cfif GetDirectoryFromPath(GetBaseTemplatePath()) contains "admin">
<cfinclude template="check_to_see_if_they_are_authenticated.cfm">
</cfif>
----- Original Message -----
From: "Chris Lott" <[EMAIL PROTECTED]>
To: "Fusebox" <[EMAIL PROTECTED]>
Sent: Saturday, October 07, 2000 10:59 AM
Subject: Security issues
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I understand how to handle login security in an application... but do any
> of you have tips on handling variable levels of security? Up until now I
> have always had my normal app for users and then a subsection of that app
> (say /admin/) where admins would go to do their thing.
>
> It seems inefficient, but also almost inescapable without turning my neat
> code into spaghetti as I am variably displaying/including based on whether
> they have admin privileges or not. I can't imagine what it will be like
> with three or more levels of user to account for!
>
> I've seen many discussions on cf lists about how to define different
levels
> of user and what their privileges are, but not much on what to do with
> those definitions in the app. Every way I can conceive seems much painful
> than it should be. Or is that just the way it is?
>
> c
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.8ckt - http://irfaiad.virtualave.net/
> Comment: PGP Signed for message verification and/or encryption
> Comment: KeyID: 0xD68B61E851046CFD
>
> iQA/AwUBOd86N9aLYehRBGz9EQIBZACghjGOJ8H88d7bCm8Jza5BgtTXeLAAmgPj
> 2EXL6YNuzCcbRypj+9lH69an
> =Wug1
> -----END PGP SIGNATURE-----
>
>
> --------------------------------------------------------------------------
----
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
