Here's what you might refer to as "imperative dimensions of application security."
It's not an exhaustive list because it doesn't include server maintenance security
practices, code encryption, and data transfer security among other things.
Nevertheless, you might want to start by walking through this list and documenting
your requirements.
1. Login / Logout Processes
2. Use Case Access - Rights & Privileges
3. Directory Access - Rights & Privileges
4. Page Access - Rights & Privileges
5. Data Access - Rights & Privileges
6. Encrypting Links and Form Fields
7. Securing SQL statements
I'm sure each of the above topics will generate, at least, a 15 message thread. And
frankly there's no "silver bullet" but there are some best practices. But whatever
you do, try to globalize security tasks as much as possible and make sure that your
implementation works well with your coding methodology.
Good luck.
Prof. Dwayne Cole, MS in MIS, MBA
Florida A&M University
Certified Advanced ColdFusion Developer
850-591-0212
"It can truly be said that nothing happens until there is vision. But it is equally
true that a vision with no underlying sense of purpose, no calling, is just a good
idea - all "sound and fury, signifying nothing." The Fifth Discipline - Peter Senge
>----- Original Message -----
>From: "Ian Skinner" <[EMAIL PROTECTED]>
>To: "CF-Talk" <[EMAIL PROTECTED]>
>Sent: Monday, December 30, 2002 4:58 PM
>Subject: User Name/Password Concepts
>
>
>> I am writing a User ID/Password login for a commercial, registered
>> members only type, Internet site. Not adult orientated if you care *S*.
>>
>> I've written simple CF Login functions before, but this current project
>> that is going to require a little more true security than I've dealt with
>> before. I'm asking all the gurus and other experienced CF developers if
>> you can help with some ideas. Basically I want to provide a fairly secure
>> site that doesn't turn away potential users/members/customers.
>>
>> What I'm interested in is comments and ideas on balancing Security versus
>> User Convenience. Also, what issues do I need to consider when I'm building
>> this to increase the difficulty to hack my code and/or users' logins as
>> much as practical. Would I want to blend other security features into this
>> (NT Security for example)?
>>
>> Ian Skinner
>> Developer
>> Ilsweb
>> [EMAIL PROTECTED]