Kevin Thanks for the explanation. I didn't realise this was so simple. What advantage (if any) does rolling your own login page in coldfusion have over this?
Kola > >-----Original Message----- > >From: Kevin Graeme [mailto:[EMAIL PROTECTED]] > >Sent: 13 December 2002 21:45 > >To: CF-Talk > >Subject: RE: Login/Password screen > > > > > >The server sets it when the person authenticates to the server > >login. So you > >just define the directory as restricted in the web server configuration, > >then when a person requests anything in that directory or lower, the web > >server intercepts it before anything else does and asks for a login. > > > >The CF app can then read the #cgi.remote_user# variable and compare that > >against a database of users for personalization if you like. > > > >-Kevin > > > >> -----Original Message----- > >> From: Kola Oyedeji [mailto:[EMAIL PROTECTED]] > >> Sent: Friday, December 13, 2002 11:19 AM > >> To: CF-Talk > >> Subject: RE: Login/Password screen > >> > >> > >> Kevin > >> > >> How is CGi.remote_user set? > >> > >> > >> Kola > >> > >> >> -----Original Message----- > >> >> From: Kevin Graeme [mailto:[EMAIL PROTECTED]] > >> >> Sent: 13 December 2002 16:04 > >> >> To: CF-Talk > >> >> Subject: RE: Login/Password screen > >> >> > >> >> It's not a browser issue so much as on the server. The server stores > >> a > >> >> set > >> >> of cgi.something variables that can be asked for by CF. We used to > >> use > >> >> cgi.auth_user, but when we switched over to Apache, that wasn't a > >> valid > >> >> cgi > >> >> variable anymore. Now we use cgi.remote_user. > >> >> > >> >> -Kevin > >> >> > >> >> > -----Original Message----- > >> >> > From: Kola Oyedeji [mailto:[EMAIL PROTECTED]] > >> >> > Sent: Friday, December 13, 2002 9:36 AM > >> >> > To: CF-Talk > >> >> > Subject: RE: Login/Password screen > >> >> > > >> >> > > >> >> > That's a good idea, does cgi.remoteuser work with all major > >> browsers or > >> >> > just i.e.? > >> >> > > >> >> > Thanks > >> >> > Kola > >> >> > > >> >> > >> -----Original Message----- > >> >> > >> From: Kevin Graeme [mailto:[EMAIL PROTECTED]] > >> >> > >> Sent: 13 December 2002 14:33 > >> >> > >> To: CF-Talk > >> >> > >> Subject: RE: Login/Password screen > >> >> > >> > >> >> > >> Keep in mind that a CF based authentication system is only > >> checked > >> >> > >> against > >> >> > >> if the user hits a CFM page. That's fine for certain types of > >> >> > projects, > >> >> > >> but > >> >> > >> not for actual file security. So if you have a directory of > >> images > >> >> in > >> >> > the > >> >> > >> "secure" area, a person could link directly to an image and > >> bypass > >> >> > the > >> >> > >> login > >> >> > >> altogether because a .gif doesn't reference the Application.cfm > >> >> > first. > >> >> > >> > >> >> > >> We've been using the server level authentication and then using > >> cf > >> >> to > >> >> > >> check > >> >> > >> against the cgi.remote_user to see who it is. That means that > >> ANY > >> >> > attempt > >> >> > >> to > >> >> > >> get in at that protected area has to be authenticated against > >> with > >> >> > the > >> >> > >> server. > >> >> > >> > >> >> > >> -Kevin > >> >> > >> > >> >> > >> > -----Original Message----- > >> >> > >> > From: FlashGuy [mailto:[EMAIL PROTECTED]] > >> >> > >> > Sent: Friday, December 13, 2002 6:43 AM > >> >> > >> > To: CF-Talk > >> >> > >> > Subject: Login/Password screen > >> >> > >> > > >> >> > >> > > >> >> > >> > Hi, > >> >> > >> > > >> >> > >> > I know there are alot of custom tags out there that will do > >> what > >> >> > >> > I'm looking for but I want the best one. So this is why I'm > >> >> > >> > asking all of you hoping you've had > >> >> > >> > some experience with some of them. I'd like everything stored > >> in > >> >> > >> > a database. I know some don't do that. Bascially, once the > >> user > >> >> > >> > enters in their > >> >> > >> > username/password they are redirected to a URL on the server > >> >> > >> > based on the authentication. > >> >> > >> > > >> >> > >> > I have one called <CF_EzPassword> but was wondering if there > >> are > >> >> > >> > any better ones? > >> >> > >> > > >> >> > >> > Thanks > >> >> > >> > > >> >> > >> > > >> >> > >> > --------------------------------------------------- > >> >> > >> > Colonel Nathan R. Jessop > >> >> > >> > Commanding Officer > >> >> > >> > Marine Ground Forces > >> >> > >> > Guatanamo Bay, Cuba > >> >> > >> > --------------------------------------------------- > >> >> > >> > > >> >> > >> > > >> >> > >> > > >> >> > >> > > >> >> > >> > > >> >> > >> > >> >> > > >> >> > > >> >> > >> > >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting.
