RE: Secure Admin Areas
quick glance, I can see this wrong with it:

<script>
alert("You must login to access this area!");
self.location = "login.cfm";
</script>

oooh, javascript, REAL secure, nobody can get past that.

replace with something like:

You must login to access this area!
<cflocation url="login.cfm">
<cfabort>
<!--- abort not really needed, just to be sure --->

-Original Message-
From: Jason Manaigre [mailto:[EMAIL PROTECTED]
Sent: 12 October 2005 17:58
To: CF-Talk
Subject: Secure Admin Areas

Hi all, a few quick questions, building a CMS (or rather learning as I go) and was going to use the following http://tutorial8.easycfm.com/ to build my Admin area, will this be enough security? What else can be done? Is there a better tut out there?

This is just for my site, nothing mission critical.

Thanks everyone, take it easy.

Big Jay

~|
Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220823
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations Support: http://www.houseoffusion.com/tiny.cfm/54
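The server-side check Kerry describes, written out as an added example for this page (it is not code from the thread, from the easycfm tutorial or from any of the posters): an Application.cfm placed in the admin directory, with the tutorial's JavaScript-only version kept in a comment beside it for contrast. The application name, the session.loggedIn flag, the admin directory layout and the login.cfm file name are assumptions.

```cfml
<!--- admin/Application.cfm (constructed example; names and layout are assumptions) --->
<!--- Runs before every template in this directory, so the check cannot be skipped
      by requesting a protected page directly. --->
<cfapplication name="siteAdmin"
               sessionmanagement="true"
               sessiontimeout="#createTimeSpan(0, 0, 30, 0)#">

<cfparam name="session.loggedIn" type="boolean" default="false">

<!--- login.cfm lives in this same directory and must stay reachable,
      otherwise the redirect below loops on itself. --->
<cfset thisPage = listLast(cgi.script_name, "/")>

<!---
   What the tutorial does. The browser is merely asked to leave; the rest of
   the protected page is still rendered and delivered, so it is readable by
   anyone with JavaScript off or who looks at the raw response.

   <cfif NOT session.loggedIn>
       <script>
           alert("You must login to access this area!");
           self.location = "login.cfm";
       </script>
   </cfif>
--->

<!--- Server-side guard: the decision and the redirect happen on the server and
      <cfabort> ends the request, so no protected markup is generated at all.
      addtoken="false" keeps CFID/CFTOKEN out of the redirect URL. --->
<cfif NOT session.loggedIn AND thisPage NEQ "login.cfm">
    <cflocation url="login.cfm" addtoken="false">
    <cfabort>
</cfif>
```

The difference to check for is in the HTTP response rather than in the browser: with the JavaScript version a request for any admin page returns a 200 with the full page body, with the server-side version it returns a 302 to login.cfm and nothing else.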
RE: Secure Admin Areas
also, you would want to use cfqueryparam in the query, not dump the form values straight to the database.

-Original Message-
From: Jason Manaigre [mailto:[EMAIL PROTECTED]
Sent: 12 October 2005 17:58
To: CF-Talk
Subject: Secure Admin Areas
RE: Secure Admin Areas
and this line:

<cfif qVerify.RecordCount>

this only verifies that one or more users were found, assuming you have unique usernames, it should be:

<cfif qVerify.RecordCount eq 1>

not sure if there is a better tutorial out there, but I hope so, there seems to be a few issues with this one.

-Original Message-
From: Jason Manaigre [mailto:[EMAIL PROTECTED]
Sent: 12 October 2005 17:58
To: CF-Talk
Subject: Secure Admin Areas
RE: Secure Admin Areas
And you might want to think about putting all these replies into one email... =]

!K

-Original Message-
From: Kerry [mailto:[EMAIL PROTECTED]
Sent: October 12, 2005 11:16 AM
To: CF-Talk
Subject: RE: Secure Admin Areas
RE: Secure Admin Areas
Sorry, in future I will just save up my posts and send a daily digest. Might risk getting the body too long though...

-Original Message-
From: Kevin Aebig [mailto:[EMAIL PROTECTED]
Sent: 12 October 2005 18:32
To: CF-Talk
Subject: RE: Secure Admin Areas
RE: Secure Admin Areas
Hey guys, thanks for the info Kerry, I'll make those changes...

-Original Message-
From: Kerry [mailto:[EMAIL PROTECTED]
Sent: October 12, 2005 12:46 PM
To: CF-Talk
Subject: RE: Secure Admin Areas
Re: Secure Admin Areas
There are some free tags in the MM devex. I wrote one, AccessMonger Lite, that does password stuff, along with things like using salted hashes for pwd storage and hint/answer secured password recovery.

Just heard of a bug in its admin area, though. A misnamed variable in a new upload. Bah!

--
--mattRobertson--
Janitor, MSB Web Systems
mysecretbase.com
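The three points raised in this thread, cfqueryparam on the lookup (Kerry's second reply), checking for exactly one matching row (Kerry's third reply), and the salted hashes for password storage Matt mentions here, combined into one login handler. This is an added example written for this page; it is not the easycfm tutorial's code and not Matt's AccessMonger Lite. The datasource name, the users table and its columns, the session.loggedIn flag and the page redirected to after login are assumptions.

```cfml
<!--- admin/login.cfm (constructed example; datasource, table and columns are assumptions).
      Assumed schema: users(username, passwordSalt, passwordHash) with a unique index
      on username, where passwordHash = hash(passwordSalt & password, "SHA-256"). --->
<cfparam name="session.loggedIn" type="boolean" default="false">
<cfparam name="form.username" default="">
<cfparam name="form.password" default="">
<cfset loginError = "">

<cfif len(form.username) AND len(form.password)>

    <!--- Look the account up by name only. cfqueryparam binds the value as data,
          so whatever is typed in the form cannot change the SQL statement, and the
          password itself never goes near the database. --->
    <cfquery name="qVerify" datasource="siteDSN">
        SELECT username, passwordSalt, passwordHash
        FROM   users
        WHERE  username = <cfqueryparam value="#form.username#"
                                        cfsqltype="cf_sql_varchar" maxlength="50">
    </cfquery>

    <!--- Exactly one row. Zero is an unknown user; more than one means the unique
          index is missing, which is a data problem, not a successful login. --->
    <cfset loginOK = false>
    <cfif qVerify.recordCount EQ 1>
        <cfset attemptHash = hash(qVerify.passwordSalt & form.password, "SHA-256")>
        <!--- compare() is case-sensitive (CFML's EQ is not); 0 means identical. --->
        <cfif compare(attemptHash, qVerify.passwordHash) EQ 0>
            <cfset loginOK = true>
        </cfif>
    </cfif>

    <cfif loginOK>
        <cfset session.loggedIn = true>
        <cfset session.username = qVerify.username>
        <cflocation url="index.cfm" addtoken="false">
        <cfabort>
    <cfelse>
        <!--- One message for every failure, so the form does not reveal which usernames exist. --->
        <cfset loginError = "Invalid username or password.">
    </cfif>
</cfif>

<!--- Storing a password (registration or reset) uses the same scheme in reverse.
      createUUID() gives a per-user salt; the salt has to be unique per user, not secret. --->
<cffunction name="storePassword" returntype="void" output="false">
    <cfargument name="username" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfset var newSalt = createUUID()>
    <cfset var newHash = hash(newSalt & arguments.password, "SHA-256")>
    <cfquery datasource="siteDSN">
        UPDATE users
        SET    passwordSalt = <cfqueryparam value="#newSalt#" cfsqltype="cf_sql_varchar">,
               passwordHash = <cfqueryparam value="#newHash#" cfsqltype="cf_sql_varchar">
        WHERE  username     = <cfqueryparam value="#arguments.username#"
                                            cfsqltype="cf_sql_varchar" maxlength="50">
    </cfquery>
</cffunction>

<cfoutput>
<cfif len(loginError)><p>#loginError#</p></cfif>
<form method="post" action="login.cfm">
    <input type="text" name="username" maxlength="50">
    <input type="password" name="password">
    <input type="submit" value="Login">
</form>
</cfoutput>
```

Two things worth noting. Because the lookup is by username only and the password is compared in ColdFusion, a wrong password and an unknown username fail through the same branch and produce the same message. And the salted SHA-256 shown here is what hash() offered on ColdFusion MX 7 in 2005; on a current server a deliberately slow password hash (bcrypt, scrypt or Argon2) is the better choice for the storePassword step, with the rest of the flow unchanged.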
RE: Secure Admin Areas
Thanks, will check it out.

-Original Message-
From: Matt Robertson [mailto:[EMAIL PROTECTED]
Sent: October 12, 2005 2:30 PM
To: CF-Talk
Subject: Re: Secure Admin Areas