New CF Dev needs help with security!!

SteelDragon

Programmer
Feb 1, 2001
134
US
I am developing a CF-based page that I need to have users log in to, and have different levels of authorization. I have a database already existing with usernames and passwords in it, and I would like to use it as the source location for the login information. I want the users to be authorized to access different pages, or parts of pages, only if they meet criteria set in the database in their profile. I need to be pointed in the right direction. I have total control on this project and as such have 100% access to the server if a server config or solution is required. I would just like to know where I can configure what fields CF can see out of my DB. I already have the ODBC set up in CF; I just need to know where CF uses this information for security.
 
You are really tackling a tough task from the start. But hey, no problem. If you are not new intermediate level, then I would suggest reading that above article. But it doesn't tell you about anything you want to do. As simple as this: after you are feeling comfortable with logins, create another domain (field) in the login table. Name it "role"; I would use type "number", size "byte", that's all you need. Now how to apply it? Let's say all admins have a role of 5, another group of "4", "3", etc. After they log in, <cfset session.role = qlogin.role> This will set the session role for whoever logs in. Now on the pages that you want to protect and the links if needed,
<cfif session.role gte 4> show link here</cfif>. Now on the pages you want to protect, let's say you only want admins accessing a certain page, <cfif session.role neq 5>(if role is not 5) You are not allowed to access this page <cfabort> or <cflocation url="index.cfm">.
</cfif>

<cfhappy programming="OK">
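Added example, not part of the thread or either poster's code: the role scheme from the reply above laid out across the pages it touches, with a default role for visitors who have not logged in. The datasource `myDSN`, the table `logins` and its columns, the form field names and the page names `login.cfm`, `admin.cfm` and `reports.cfm` are all assumptions; the password column is compared as stored because the thread does not say how passwords are kept.

```cfml
<!--- Added example. Assumed names: datasource "myDSN"; table "logins" with
      columns username, password, role; form fields username and password;
      pages login.cfm, index.cfm, admin.cfm, reports.cfm. --->

<!--- Application.cfm: runs before every page. Turns on the session scope and
      gives anyone who has not logged in a role of 0 (no access). --->
<cfapplication name="roleDemo" sessionmanagement="yes">
<cfparam name="session.role" default="0">

<!--- login_action.cfm: look the user up in the existing login table.
      cfqueryparam binds the form values instead of splicing them into the SQL. --->
<cfquery name="qlogin" datasource="myDSN">
    SELECT role
    FROM logins
    WHERE username = <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar">
      AND password = <cfqueryparam value="#form.password#" cfsqltype="cf_sql_varchar">
</cfquery>

<cfif qlogin.recordcount eq 1>
    <!--- Exactly one matching row: copy its role into the session. --->
    <cfset session.role = qlogin.role>
    <cflocation url="index.cfm" addtoken="no">
<cfelse>
    <!--- No match: clear any earlier role, then send the user back to the form. --->
    <cfset session.role = 0>
    <cflocation url="login.cfm" addtoken="no">
</cfif>

<!--- admin.cfm: page-level check at the very top, before any output.
      Only role 5 (admins in the reply's scheme) gets past it;
      cflocation ends processing of this page for everyone else. --->
<cfif session.role neq 5>
    <cflocation url="index.cfm" addtoken="no">
</cfif>
<h1>Admin page</h1>

<!--- index.cfm: show the link only to roles 4 and up. Hiding a link does not
      protect its target; reports.cfm needs its own check like admin.cfm has. --->
<cfif session.role gte 4>
    <a href="reports.cfm">Reports</a>
</cfif>
```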
 
CFProgrammer, I am familiar with what you are saying. Is it possible to use a yes/no, on/off value instead of numeric values? Also, can anyone tell me how CF interfaces with SiteMinder? Where do you set up the values and how does SmDsQuery.ini get populated? Any help would be greatly appreciated.
Thanks Again,
SteelDragon
 