> I am working on a system developed in Cold Fusion that
> provides security using NT based accounts that are synched
> with a Users table in a SQL database. We also use session
> variables to authenticate and authorize. In the Users table
> there are two fields that we use to see if the user should
> be authorized or not.
>
> We found a situation where out of several hundred disabled
> users, about 30 were still able to log in...we could log in
> using their accounts from various workstations. After checking
> all of the usual suspects: log files, event viewer, IIS settings,
> CF settings, checked the database for duplicate records...etc,
> etc we found nothing wrong nor anything that would allow us
> to correct this problem. So, we reboot the server this morning
> and now those accounts are no longer authorized.
I'm a bit confused. To authenticate users, are you authenticating against
NT, or querying the database, or both? If you're querying the database, how
are you synchronizing the NT users with the database?
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
