I have actually initiated a solution similar to this as a long term
solution. My problem right now though is that I have a program called
e help that is made by Macromedia now. They don't have any built in
security so I had to use NT permissions in order to secure. So in
order for the application to know who is logged in I had to enable
basic authentication. So now I just need to figure out how IIS knows
to make those cgi variables and if I can do that they will be cached
and require no user intervention. Any ideas?

> It's time to focus on a solution to solve the problem. From a solutions
> perspective, the best long term solution would be to query off of Active
> Directory LDAP server and use that to determine users and roles....
> however, what I suggest below is more of a short term fix that can be
> implemented today and buy time for the permanent solution using Active
> Directory/LDAP.
>
> Step 1: Have the person log in using basic authentication
> Step 2: If you are using IIS, two CGI variables will be created:
> cgi.auth_user and cgi.auth_password.
> Step 3: Create a database table containing the username and password.
> If there is not a record, run a query or a stored procedure to
> insert the record. If the password has been changed, then use the cgi
> variable to change the password.
> Step 4: Set a session variable noting the person has logged in. If you
> need the username and password for other applications, then look up
> the information in the database.
>
>
> P.S. There was a good reason MS fixed this behavior in their browser.
> Turns out Phishers and Spammers were using this technique to gather
> credit card information from unsuspecting users, ruining their credit
> ratings!
>
> Reference url: http://news.com.com/2100-7355-5153534.html?tag=cd_top
>
> Jeremy Brodie
> Edgewater Technology
>
> web: http://www.edgewater.com
> phone:(703) 815-2500
> email: [EMAIL PROTECTED]
>
>
> >For instance:
> >
> >
> >
> >Putting the username and password in the URL..... :-)
> >
> >
> >
> >Steve
> >
> >
> >
> >
> >
> >-----Original Message-----
> >From: Josh Remus [mailto:[EMAIL PROTECTED]
> >Sent: Friday, February 06, 2004 10:22 AM
> >To: CF-Talk
> >Subject: RE: MS Update broke security
> >
> >
> >
> >Honestly, none of this has sounded secure at all, actually.
> >  -----Original Message-----
> >  From: Thomas Chiverton [mailto:[EMAIL PROTECTED]
> >  Sent: Friday, February 06, 2004 10:08 AM
> >  To: CF-Talk
> >  Subject: Re: MS Update broke security
> >
> >  On Friday 06 Feb 2004 13:59 pm, Robert Everland III wrote:
> >  > that's just it I can't use anything that requires user intervention.
> >
> >  Then you can't do security.
> >
> >  --
> >  Tom Chiverton
> >  Advanced ColdFusion Programmer
> >
> >  Tel: +44(0)1749 834997
> >  email: [EMAIL PROTECTED]
> >  BlueFinger Limited
> >  Underwood Business Park
> >  Wookey Hole Road, WELLS. BA5 1AF
> >  Tel: +44 (0)1749 834900
> >  Fax: +44 (0)1749 834901
> >  web: www.bluefinger.com
> >  Company Reg No: 4209395 Registered Office: 2 Temple Back East,
> >  Temple Quay, BRISTOL. BS1 6EG.
> >
>