Hi,
I have an admin page which can be accessed thru a login page. However, as
it now stands, if someone were to learn bookmark that page, he or she could
return to it via the bookmark, rather than via the login page. How can I
ensure that someone could only access the admin page via the login p
d for a 97% solution.
|-Original Message-
|From: Hubert Earl [mailto:[EMAIL PROTECTED]]
|Sent: Thursday, March 08, 2001 10:48 PM
|To: CF-Talk
|Subject: Protecting an admin page
|
|
|Hi,
|
|I have an admin page which can be accessed thru a login page.
|However, as
|it now stands, if s
.
there are some other small things to consider but that's the basics of it if
u need more help lemme know!
- Original Message -
From: Hubert Earl <[EMAIL PROTECTED]>
To: CF-Talk <[EMAIL PROTECTED]>
Sent: Thursday, March 08, 2001 9:47 PM
Subject: Protecting an admin page
: Protecting an admin page
This is how it is supposed to work. In your login page, not only should u
check to see if the login/pasword is right, but also set a session variable
to true. Then on the top of every admin page, do a test to see if that
session variable is true or not. if not, forward them to
PROTECTED]>
Sent: Thursday, March 08, 2001 10:47 PM
Subject: Protecting an admin page
> Hi,
>
> I have an admin page which can be accessed thru a login page. However, as
> it now stands, if someone were to learn bookmark that page, he or she
could
> return to it via the bookmark, rat
> > How can I
> > ensure that someone could only access the admin page via
> > the login page?
>
> Doesnt the web application framework say to put the login
> stuff into an
> application.cfm ? Thus insuring it always gets called before
> a page is shown
This is a trimmed-down version of how
on 3/8/01 9:47 PM, Hubert Earl at [EMAIL PROTECTED] wrote:
> I have an admin page which can be accessed thru a login page. However, as
> it now stands, if someone were to learn bookmark that page, he or she could
> return to it via the bookmark, rather than via the login page. How can I
> ensur
on 3/8/01 9:47 PM, Hubert Earl at [EMAIL PROTECTED] wrote:
> I have an admin page which can be accessed thru a login page. However, as
> it now stands, if someone were to learn bookmark that page, he or she could
> return to it via the bookmark, rather than via the login page. How can I
> ens
:hmms
If you've got advanced security, and an user database, why not just use this
code [below] ?
The cgi.* variables are all open to modification by the client...
It even handles cross-session perment unique id's by username.
This allows generlised access provided they have a passwd/username in
9 matches
Mail list logo
