Security permissions, fusebox 4 and cold fusion 5
I'm trying to understand a piece of code I came across from a while ago and attempting to apply it to my current situation. Here's the deal. My testing server is mx but work only has version 5 installed, which (unless I'm wrong) means I cannot use cflogin. So, I'm attempting to do this in a more traditional way Here's the code snippet... fuseaction name=validateLogin set name=isValidLogin value=#application.loginManager.checkUserCredentials( attributes.userName, attributes.password )# / if condition=#isValidLogin# true set value=#application.userManager.createUserSession( attributes.userName )# / relocate url=index.cfm?fuseaction=main.loginWelcome / /true false relocate url=index.cfm?fuseaction=main.loginForm / /false /cfif /fuseaction This is referencing what seems to be a cfc called checkUserCredentials (in the login manager fuse) and then sets the value in another cfc when passed (createUserSession in the user manager fuse). First question - do I have this correct so far? And if so, how would I alter this to validate against the results of a query as opposed to a cfc? I'm a little lost and don't want to jump in using cfcs just yet (I'm still getting my head around fusebox 4). Alternatively, if anyone has a good tutorial or reference on security and validating login information with fusebox 4 I would be most grateful. Regards Mark ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:199731 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Security permissions, fusebox 4 and cold fusion 5
If you are on CF 5 you can't use CFCs anyway, so there is no question of jumping into them. You'll have to do the query and see if any rows matching the username and password are returned. You'll also have to rewrite any functionality in CreatUserSession(). -Original Message- From: Mark Henderson [mailto:[EMAIL PROTECTED] Sent: Wednesday, 23 March 2005 9:46 To: CF-Talk Subject: Security permissions, fusebox 4 and cold fusion 5 I'm trying to understand a piece of code I came across from a while ago and attempting to apply it to my current situation. Here's the deal. My testing server is mx but work only has version 5 installed, which (unless I'm wrong) means I cannot use cflogin. So, I'm attempting to do this in a more traditional way Here's the code snippet... fuseaction name=validateLogin set name=isValidLogin value=#application.loginManager.checkUserCredentials( attributes.userName, attributes.password )# / if condition=#isValidLogin# true set value=#application.userManager.createUserSession( attributes.userName )# / relocate url=index.cfm?fuseaction=main.loginWelcome / /true false relocate url=index.cfm?fuseaction=main.loginForm / /false /cfif /fuseaction This is referencing what seems to be a cfc called checkUserCredentials (in the login manager fuse) and then sets the value in another cfc when passed (createUserSession in the user manager fuse). First question - do I have this correct so far? And if so, how would I alter this to validate against the results of a query as opposed to a cfc? I'm a little lost and don't want to jump in using cfcs just yet (I'm still getting my head around fusebox 4). Alternatively, if anyone has a good tutorial or reference on security and validating login information with fusebox 4 I would be most grateful. Regards Mark ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:199734 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Security permissions, fusebox 4 and cold fusion 5
On Wed, 23 Mar 2005 13:46:19 +1200, Mark Henderson [EMAIL PROTECTED] wrote: I'm trying to understand a piece of code I came across from a while ago and attempting to apply it to my current situation. Here's the deal. My testing server is mx but work only has version 5 installed, which (unless I'm wrong) means I cannot use cflogin. So, I'm attempting to do this in a more traditional way Here's the code snippet... fuseaction name=validateLogin set name=isValidLogin value=#application.loginManager.checkUserCredentials( attributes.userName, attributes.password )# / if condition=#isValidLogin# true set value=#application.userManager.createUserSession( attributes.userName )# / relocate url=index.cfm?fuseaction=main.loginWelcome / /true false relocate url=index.cfm?fuseaction=main.loginForm / /false /cfif /fuseaction This is referencing what seems to be a cfc called checkUserCredentials (in the login manager fuse) and then sets the value in another cfc when passed (createUserSession in the user manager fuse). First question - do I have this correct so far? Seems like it And if so, how would I alter this to validate against the results of a query as opposed to a cfc? You probably need to take the functionality out of the CFC and put into a circuit -- probably one fuseaction per CFC method. You could basically make a circuit in the model portion of your MVC app that maps onto the CFC. Or if it's just these two CFC methods, you could consider just using two UDFs. I'm a little lost and don't want to jump in using cfcs just yet Ummm, if production is CF5, then it's a moot point -- you can't use CFCs in CF5 obviously so you've got no real choice. So cflogin isn't your only problem :) (I'm still getting my head around fusebox 4). Alternatively, if anyone has a good tutorial or reference on security and validating login information with fusebox 4 I would be most grateful. Regards Mark ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:199735 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Security permissions, fusebox 4 and cold fusion 5
Ok thanks guys, and pardon my ignorance. I hear what you are saying John Paul, and had figured I'd simply have to check for a recordcount from the query and then use that for my true false switch. snip Ummm, if production is CF5, then it's a moot point -- you can't use CFCs in CF5 obviously so you've got no real choice. So cflogin isn't your only problem :) /snip It's been a while since I've looked at this, but for some reason I thought the old solar system example (running on the 4.0 core files) used cfcs. http://www.cwc.co.nz/fbx/SolarSystem/ adieu Mark ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:199736 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54