> Can you describe how you set up your web based security? I mean your
> web server settings to enable this.

I'm not the server admin, so I can't tell you exactly what's up. All I know is that they're using Novell and "net id".... what I do not know is if "net id" is what the thing is actually called, or if it's their own in-house terminology. From what I understand though, it acts pretty much like NTFS. You flag a directory to be protected and every time someone tries to access a url in that directory you first must pass the challenge. It seems that there's an LDAP store that holds all the users and passwords. However, that's my "educated" guess.

>> Sorry. I was just speaking in general terms in the first instance and
>> getting specific in the second. The main point stays the
>> same, though.
>> IdleTimeout=1 is Good. IdleTimeout >1 is Bad.
>
> But of course, idletimeout=1 would mean you timeout every hit, right?
> Does your query run every hit?

Yes it does. Which I know is bad in the sense that it shouldn't have to and I'm wasting resources doing that.

>> I don't have a logon form. I'm letting the server do the
>> authentication. All I do is authorize after that. No HTML
>> login at all.
>> This is why I think what I'm experiencing is loads different
>> from much
>> of the advice I've gotten before, because I'm using server auth NOT
>> home-grown-HTML auth.
>
> Any reason why? Do you have to use it like that?

Yes (at least I'm pretty sure yes). Long story short, Georgetown already uses Net ID for its user store and authentication. My users will all have Net ID already set up. It's a requirement that we not have to institute a whole new schema for doling out and managing usernames and passwords. However I do this, I have to be able to first make users pass the normal Net ID authentication, and then authorize their access to my application using whatever methods I come up with.

I wanted to use cflogin specifically for the cfloginuser functionality. However, because of the problems I'm having with logout and session variables and the idletimeout...
I'm gonna have to dump the cflogin schema. I don't know if I can still leverage cfloginuser somehow, but I was going to try to roll my own using cfloginuser first before I roll my own without it.

I don't think that accessing the LDAP directory directly is an option (if that is what's actually working behind the scenes). The UIS department is mad security conscious. This was one of the options that we discussed with them way back in the day (about a year ago) when this project started and that was not well received. They won't even let me access their Enterprise Manager from offsite... and I do all my work from offsite!

-Patti

