Cross platform/cross browser. If you have people using non-microsoft browsers, server authentication can be problematic.
Rolling your own with CF can more easily be made friendly for all heterogeneous situations. And could give you one app that could be run on Windoze, Linux, and MacOSX (if written well, of course) On 12/15/02 11:55 AM, "Kola Oyedeji" <[EMAIL PROTECTED]> wrote: > Kevin > > Thanks for the explanation. I didn't realise this was so simple. What > advantage (if any) does rolling your own login page in coldfusion have over > this? > > Kola > >>> -----Original Message----- >>> From: Kevin Graeme [mailto:[EMAIL PROTECTED]] >>> Sent: 13 December 2002 21:45 >>> To: CF-Talk >>> Subject: RE: Login/Password screen >>> >>> >>> The server sets it when the person authenticates to the server >>> login. So you >>> just define the directory as restricted in the web server configuration, >>> then when a person requests anything in that directory or lower, the web >>> server intercepts it before anything else does and asks for a login. >>> >>> The CF app can then read the #cgi.remote_user# variable and compare that >>> against a database of users for personalization if you like. >>> >>> -Kevin >>> >>>> -----Original Message----- >>>> From: Kola Oyedeji [mailto:[EMAIL PROTECTED]] >>>> Sent: Friday, December 13, 2002 11:19 AM >>>> To: CF-Talk >>>> Subject: RE: Login/Password screen >>>> >>>> >>>> Kevin >>>> >>>> How is CGi.remote_user set? >>>> >>>> >>>> Kola >>>> >>>>>> -----Original Message----- >>>>>> From: Kevin Graeme [mailto:[EMAIL PROTECTED]] >>>>>> Sent: 13 December 2002 16:04 >>>>>> To: CF-Talk >>>>>> Subject: RE: Login/Password screen >>>>>> >>>>>> It's not a browser issue so much as on the server. The server stores >>>> a >>>>>> set >>>>>> of cgi.something variables that can be asked for by CF. We used to >>>> use >>>>>> cgi.auth_user, but when we switched over to Apache, that wasn't a >>>> valid >>>>>> cgi >>>>>> variable anymore. Now we use cgi.remote_user. >>>>>> >>>>>> -Kevin >>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Kola Oyedeji [mailto:[EMAIL PROTECTED]] >>>>>>> Sent: Friday, December 13, 2002 9:36 AM >>>>>>> To: CF-Talk >>>>>>> Subject: RE: Login/Password screen >>>>>>> >>>>>>> >>>>>>> That's a good idea, does cgi.remoteuser work with all major >>>> browsers or >>>>>>> just i.e.? >>>>>>> >>>>>>> Thanks >>>>>>> Kola >>>>>>> >>>>>>>>> -----Original Message----- >>>>>>>>> From: Kevin Graeme [mailto:[EMAIL PROTECTED]] >>>>>>>>> Sent: 13 December 2002 14:33 >>>>>>>>> To: CF-Talk >>>>>>>>> Subject: RE: Login/Password screen >>>>>>>>> >>>>>>>>> Keep in mind that a CF based authentication system is only >>>> checked >>>>>>>>> against >>>>>>>>> if the user hits a CFM page. That's fine for certain types of >>>>>>> projects, >>>>>>>>> but >>>>>>>>> not for actual file security. So if you have a directory of >>>> images >>>>>> in >>>>>>> the >>>>>>>>> "secure" area, a person could link directly to an image and >>>> bypass >>>>>>> the >>>>>>>>> login >>>>>>>>> altogether because a .gif doesn't reference the Application.cfm >>>>>>> first. >>>>>>>>> >>>>>>>>> We've been using the server level authentication and then using >>>> cf >>>>>> to >>>>>>>>> check >>>>>>>>> against the cgi.remote_user to see who it is. That means that >>>> ANY >>>>>>> attempt >>>>>>>>> to >>>>>>>>> get in at that protected area has to be authenticated against >>>> with >>>>>>> the >>>>>>>>> server. >>>>>>>>> >>>>>>>>> -Kevin >>>>>>>>> >>>>>>>>>> -----Original Message----- >>>>>>>>>> From: FlashGuy [mailto:[EMAIL PROTECTED]] >>>>>>>>>> Sent: Friday, December 13, 2002 6:43 AM >>>>>>>>>> To: CF-Talk >>>>>>>>>> Subject: Login/Password screen >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> I know there are alot of custom tags out there that will do >>>> what >>>>>>>>>> I'm looking for but I want the best one. So this is why I'm >>>>>>>>>> asking all of you hoping you've had >>>>>>>>>> some experience with some of them. I'd like everything stored >>>> in >>>>>>>>>> a database. I know some don't do that. Bascially, once the >>>> user >>>>>>>>>> enters in their >>>>>>>>>> username/password they are redirected to a URL on the server >>>>>>>>>> based on the authentication. >>>>>>>>>> >>>>>>>>>> I have one called <CF_EzPassword> but was wondering if there >>>> are >>>>>>>>>> any better ones? >>>>>>>>>> >>>>>>>>>> Thanks >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> --------------------------------------------------- >>>>>>>>>> Colonel Nathan R. Jessop >>>>>>>>>> Commanding Officer >>>>>>>>>> Marine Ground Forces >>>>>>>>>> Guatanamo Bay, Cuba >>>>>>>>>> --------------------------------------------------- >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>> >>>> >>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com
