On May 3, 2004, at 8:57 PM, Trevor Smith wrote:

>  Is a common (and safe) way to secure one's site to use IsUserInRole
> cfif statements around each of the pages one wishes to secure?

Yes, something like this will work fine.  Here is some code from an
application I wrote recently that does what you are describing.  This
code is at the top of a page which should only be accessed by
administrators:

<!--- Make sure the user is an admin --->
<cfif not checkRole("admin")>
     <cflocation url="" addToken="no"/>
</cfif>

The checkRole function is my own function that does pretty much the
same thing as isUserInRole.

There are ways of centralizing this type of logic, as well.  For
instance, you might have an XML file that maps roles to specific pages,
then have some code in the Application.cfm file that enforces those
relationships on every request.  Any of these techniques work well, so
just pick what's best for your project, and what's most intuitive to
you.

Christian
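
The centralized approach mentioned in the message above, sketched as an added example (it is not Christian's code and not part of the original thread). The XML layout, page paths, role names and /login.cfm are hypothetical, and the built-in isUserInRole stands in for the author's own checkRole; pages missing from the map are denied by default.

```cfml
<!--- Application.cfm: runs before every .cfm page requested in this directory tree --->
<cfapplication name="exampleApp" sessionManagement="yes">

<!--- Constructed sample map, inlined so the example is self-contained.
      In practice it would be a file kept outside the web root and read with cffile. --->
<cfsavecontent variable="accessXml"><access>
    <page path="/admin/index.cfm" roles="admin"/>
    <page path="/admin/users.cfm" roles="admin"/>
    <page path="/reports/sales.cfm" roles="admin,manager"/>
    <page path="/index.cfm" roles="*"/>
    <page path="/login.cfm" roles="*"/>
</access></cfsavecontent>

<!--- Parse once per application; key the map by lower-cased path --->
<cfif not structKeyExists(application, "accessMap")>
    <cfset pageNodes = xmlSearch(xmlParse(trim(accessXml)), "/access/page")>
    <cfset map = structNew()>
    <cfloop index="i" from="1" to="#arrayLen(pageNodes)#">
        <cfset map[lCase(pageNodes[i].xmlAttributes.path)] = pageNodes[i].xmlAttributes.roles>
    </cfloop>
    <cflock scope="application" type="exclusive" timeout="10">
        <cfset application.accessMap = map>
    </cflock>
</cfif>

<!--- Default deny: a page that is not listed in the map is never served --->
<cfset requested = lCase(cgi.script_name)>
<cfset allowed = false>
<cfif structKeyExists(application.accessMap, requested)>
    <cfset required = application.accessMap[requested]>
    <cfif required eq "*">
        <!--- "*" marks a public page (hypothetical convention for this example) --->
        <cfset allowed = true>
    <cfelse>
        <!--- Any one of the listed roles is sufficient --->
        <cfloop list="#required#" index="role">
            <cfif isUserInRole(trim(role))>
                <cfset allowed = true>
            </cfif>
        </cfloop>
    </cfif>
</cfif>

<!--- cflocation stops processing, so the protected page body never runs --->
<cfif not allowed>
    <cflocation url="/login.cfm" addToken="no">
</cfif>
```

Application.cfm only runs for requests handled by ColdFusion, so static files in the same directories need protection from the web server itself.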