Ian Skinner wrote:
> I am writing a User ID/Password login for a commercial, registered
> members only type, Internet site. Not adult orientated if you care *S*.

We don't :-)

> I've written simple CF Login functions before, but this current project
> is going to require a little more true security than I've dealt with before.
> I'm asking all the gurus and other experienced CF developers if you can
> help with some ideas. Basically I want to provide a fairly secure site that
> doesn't turn away potential users/members/customers.

What is secure? Is it a problem if users close their browser and are automatically logged in if they re-open it? Do you need protection against multiple simultaneous logins with the same user account? Etc.

> What I'm interested in is comments and ideas on balancing Security versus
> User Convenience.

I think the best balance for the general internet population is currently Digest Authentication or Basic Authentication over SSL.

> Would I want to blend other security features in to this (NT
> Security for example)?

NT Security is IE only, don't do it. If it has to be really secure, use something with smartcards (everybody has one nowadays anyway) and single use passwords.

Jochem

