No, I'm not using .htaccess/.htpasswd. I'm just using simple authentication of a directory (one level below the form) where there is just one username and password for the whole directory. The application consists of just the one form collecting data and then I am securing the directory where the results can be seen just by the administrators.
Pam

At 09:00 PM 11/2/2007, you wrote:
>Is your security by using .htaccess and .htpasswd files? Your reference to
>'directory' makes me think this is the case.
>
>If this is not the case, then I am not sure how you are handling a login
>without cookies. How is your user's browser identifying themselves to your
>application?
>
>William
>--
>William E. Seiter
>
>Have you ever read a book that changed your life?
>Go to: www.winninginthemargins.com
>Enter passkey: goldengrove
>
>Web Developer
>http://William.Seiter.com
>-----Original Message-----
>From: Pamela Corey [mailto:[EMAIL PROTECTED]
>Sent: Friday, November 02, 2007 9:53 AM
>To: CF-Newbie
>Subject: RE: Dreamweaver Login Wizard help
>
>Actually I'm not supposed to use cookies so that's why I want to use
>a session variable. I only have one user which is also why I'm not
>storing username/password in a DB - simple authentication lets you
>have one user for the whole directory and Dreamweaver even encrypts
>the password so it's not stored in simple text.
>
>I have to figure out this lock-out feature to pass the security
>checks the server folk have on our intranet.
>
>Thanks for responding!
>Pam
>
>At 12:33 PM 11/2/2007, you wrote:
> >Well -
> >
> >You could use cookies - but if they erase their cache, that won't help the
> >20 minute delay. I track Good and Bad Logins in the database - and for some
> >sites if they have too many bad logins - I set their account status to
> >Inactive, which has to be manually changed by an Admin. However - to track
> >it -
> >
> >If Login Fails:
> >
> > <!--- Track Failed Login, insert it into DB --->
> > <!--- cfqueryparam binds the form values instead of splicing them into the SQL --->
> > <cfquery datasource="#APPLICATION.DSN#" username="#APPLICATION.username#"
> >          password="#APPLICATION.password#">
> >   INSERT INTO LoginTrackBad (Login, PassAttempt, UserIP)
> >   VALUES (
> >     <cfqueryparam value="#FORM.username#" cfsqltype="cf_sql_varchar">,
> >     <cfqueryparam value="#FORM.password#" cfsqltype="cf_sql_varchar">,
> >     <cfqueryparam value="#cgi.remote_addr#" cfsqltype="cf_sql_varchar">)
> > </cfquery>
> >
> >Once you track that data - you can run checks against it based on whatever
> >you want. I have the database auto-timestamp it - so you could query that
> >username and Login attempts within 20 minutes of #Now()#. If it's too many -
> >bypass your login script altogether.
> >
> >Does that help?
> >
> >- Nick

Archive: http://www.houseoffusion.com/groups/CF-Newbie/message.cfm/messageid:3140
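
The 20-minute lockout check described in the quoted reply, as an added example that is not code from the thread or from any poster. It assumes a timestamp column named `AttemptTime` on `LoginTrackBad`, a nullable `PassAttempt` column, a threshold of 5 failures, session management enabled, and hypothetical `APPLICATION.adminUser` / `APPLICATION.adminPassHash` values standing in for the existing single-user login check.

```cfm
<!--- Added example. Assumed names: AttemptTime, adminUser, adminPassHash, maxFailures --->
<cfset maxFailures = 5>
<cfset windowStart = DateAdd("n", -20, Now())> <!--- "n" = minutes: the 20-minute window --->

<!--- Count this username's failed logins inside the window --->
<cfquery name="recentFailures" datasource="#APPLICATION.DSN#"
         username="#APPLICATION.username#" password="#APPLICATION.password#">
    SELECT COUNT(*) AS Failures
    FROM LoginTrackBad
    WHERE Login = <cfqueryparam value="#FORM.username#" cfsqltype="cf_sql_varchar">
      AND AttemptTime >= <cfqueryparam value="#windowStart#" cfsqltype="cf_sql_timestamp">
</cfquery>

<cfset loginOK = false>
<cfif recentFailures.Failures LT maxFailures>
    <!--- Not locked out: only now is the submitted password evaluated.
          Stand-in for the existing check; both APPLICATION values are assumptions. --->
    <cfset loginOK = (FORM.username EQ APPLICATION.adminUser
        AND Hash(FORM.password, "SHA-256") EQ APPLICATION.adminPassHash)>

    <cfif NOT loginOK>
        <!--- Record the failure. PassAttempt is left out so submitted passwords
              are not kept in the table (assumes the column is nullable). --->
        <cfquery datasource="#APPLICATION.DSN#"
                 username="#APPLICATION.username#" password="#APPLICATION.password#">
            INSERT INTO LoginTrackBad (Login, UserIP)
            VALUES (
                <cfqueryparam value="#FORM.username#" cfsqltype="cf_sql_varchar">,
                <cfqueryparam value="#cgi.remote_addr#" cfsqltype="cf_sql_varchar">)
        </cfquery>
    </cfif>
</cfif>
<!--- When the count is at or over the limit, the block above is skipped entirely,
      so a correct password is also refused until old failures age out of the window. --->

<cfif loginOK>
    <cfset SESSION.loggedIn = true>
<cfelse>
    <!--- Same message for a bad password and a lockout --->
    <cfoutput>Login failed.</cfoutput>
</cfif>
```

Because the count is keyed on the username and stored server-side, clearing cookies or the browser cache does not reset it.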
