> I've seen an abundance of old tutorials on creating cold fusion login functionality. This is simply a form page with username and password which submits to an action page containing a lookup query e.g. (select * from users where memberID = '#form.member#' and userpass = '#form.userpass#') then setting session variables.
The old tutorials are still valid, though with a couple of additional tweaks.

First, use CFQUERYPARAM on the variables in the query for your sanity. The last thing you want is to clean up after a SQL injection attack because of unprotected variables in the query.

The next one may or may not be important to you. Best practice for storing passwords is to store a hash or salted hash of the password instead of the password itself. When authenticating, perform the same hash on the password they enter and compare that to what's in the database to know if they got it right. Could be overkill for your situation, but your users will appreciate it if the information is ever compromised and they use the same passwords elsewhere. I think there were examples of this on the list earlier today, actually.

-Justin

Archive: http://www.houseoffusion.com/groups/cf-newbie/message.cfm/messageid:4552
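Both tweaks from the reply above, sketched as a login action page. This is an added example, not code from the original thread; the `passSalt` and `passHash` columns, `application.dsn`, the SHA-256 choice and `index.cfm` are assumptions.

```cfml
<!--- Added example. Assumed schema: users(memberID, passSalt, passHash). --->
<cfparam name="form.member" default="">
<cfparam name="form.userpass" default="">

<!---
  At registration time (shown for reference), store a per-user salt and
  the salted hash instead of the password itself:
    <cfset salt = CreateUUID()>
    <cfset passHash = Hash(salt & form.userpass, "SHA-256")>
--->

<!--- Look the user up by ID only. CFQUERYPARAM binds the value, so
      form input is never concatenated into the SQL text. --->
<cfquery name="qUser" datasource="#application.dsn#">
    SELECT memberID, passSalt, passHash
    FROM users
    WHERE memberID = <cfqueryparam value="#form.member#"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="50">
</cfquery>

<cfset loggedIn = false>
<cfif qUser.recordCount EQ 1>
    <!--- Perform the same salted hash on the submitted password and
          compare it with what is stored in the database. --->
    <cfset attempt = Hash(qUser.passSalt & form.userpass, "SHA-256")>
    <cfif Compare(attempt, qUser.passHash) EQ 0>
        <cfset loggedIn = true>
    </cfif>
</cfif>

<cfif loggedIn>
    <!--- Set session variables only after a successful match. --->
    <cfset session.memberID = qUser.memberID>
    <cfset session.loggedIn = true>
    <cflocation url="index.cfm" addtoken="false">
<cfelse>
    <!--- Same message for an unknown user and a wrong password. --->
    <cfset loginError = "Invalid login.">
</cfif>
```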
