Keep in mind that a CF based authentication system is only checked against if the user hits a CFM page. That's fine for certain types of projects, but not for actual file security. So if you have a directory of images in the "secure" area, a person could link directly to an image and bypass the login altogether because a .gif doesn't reference the Application.cfm first.
We've been using the server level authentication and then using cf to check against the cgi.remote_user to see who it is. That means that ANY attempt to get in at that protected area has to be authenticated against with the server. -Kevin > -----Original Message----- > From: FlashGuy [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 6:43 AM > To: CF-Talk > Subject: Login/Password screen > > > Hi, > > I know there are alot of custom tags out there that will do what > I'm looking for but I want the best one. So this is why I'm > asking all of you hoping you've had > some experience with some of them. I'd like everything stored in > a database. I know some don't do that. Bascially, once the user > enters in their > username/password they are redirected to a URL on the server > based on the authentication. > > I have one called <CF_EzPassword> but was wondering if there are > any better ones? > > Thanks > > > --------------------------------------------------- > Colonel Nathan R. Jessop > Commanding Officer > Marine Ground Forces > Guatanamo Bay, Cuba > --------------------------------------------------- > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
