Robert,

Doesn't e-help (Robo-help) produce a series of HTML files for viewing? Couldn't you use cfhttp (post) to secure the application?

Jeremy Brodie
Edgewater Technology


web: http://www.edgewater.com
phone:(703) 815-2500
email: [EMAIL PROTECTED]

>I have actually initiated a solution similar to this as a long term
>solution. My problem right now though is that I have a program called
>e help that is made by Macromedia now. They don't have any built in
>security so I had to use NT permissions in order to secure. So in
>order for the application to know who is logged in I had to enable
>basic authentication. So now I just need to figure out how IIS knows
>to make those cgi variables and if I can do that they will be cached
>and require no user intervention. Any ideas?
>
>
>> It's time to focus on a solution to solve the problem. From a solutions
>> perspective, the best long term solution would be query off of Active
>> Directory LDAP server and use that to determine users and roles....
>> however, what I suggest below is more of a short term fix that can be
>> implemented today and buy time for the permanent solution using Active
>> Directory/LDAP.
>>
>> Step 1: Have the person log in using basic authentication
>> Step 2: If you are using IIS, two CGI variables will be created:
>> cgi.auth_user and cgi.auth_password.
>> Step 3: Create a database table containing the username and password.
>> If there is not a record, run a query or a stored procedure to
>> insert the record. If the password has been changed then, use the cgi
>> variable to change the password.
>> Step 4: Set a session variable noting the person has logged in. If you
>> need the username and password for other applications, then look up
>> the information in the database.
>>
>>
>> P.S. There was a good reason MS fixed this behavior in their browser.
>> Turns out Phishers and Spammers were using this technique to gather
>> credit card information from unsuspecting users ruining their credit
>> ratings!
>>
>> Reference url: http://news.com.com/2100-7355-5153534.html?tag=cd_top
>>
>> Jeremy Brodie
>> Edgewater Technology
>>
>> web: http://www.edgewater.com
>> phone:(703) 815-2500
>> email: [EMAIL PROTECTED]
>>
>>
>> >For instance:
>> >
>> >
>> >
>> >Putting the username and password in the URL..... :-)
>> >
>> >
>> >
>> >Steve
>> >
>> >
>> >
>> >
>> >
>> >-----Original Message-----
>> >From: Josh Remus [mailto:[EMAIL PROTECTED]
>> >Sent: Friday, February 06, 2004 10:22 AM
>> >To: CF-Talk
>> >Subject: RE: MS Update broke security
>> >
>> >
>> >
>> >Honestly, none of this has sounded secure at all, actually.
>> >  -----Original Message-----
>> >  From: Thomas Chiverton [mailto:[EMAIL PROTECTED]
>> >  Sent: Friday, February 06, 2004 10:08 AM
>> >  To: CF-Talk
>> >  Subject: Re: MS Update broke security
>> >
>> >  On Friday 06 Feb 2004 13:59 pm, Robert Everland III wrote:
>> >  > that's just it I can't use anything that requires user
>> intervention.
>> >
>> >  Then you can't do security.
>> >
>> >  --
>> >  Tom Chiverton
>> >  Advanced ColdFusion Programmer
>> >
>> >  Tel: +44(0)1749 834997
>> >  email: [EMAIL PROTECTED]
>> >  BlueFinger Limited
>> >  Underwood Business Park
>> >  Wookey Hole Road, WELLS. BA5 1AF
>> >  Tel: +44 (0)1749 834900
>> >  Fax: +44 (0)1749 834901
>> >  web: www.bluefinger.com
>> >  Company Reg No: 4209395 Registered Office: 2 Temple Back East,
>> Temple
>> >  Quay, BRISTOL. BS1 6EG.
>> >
>> >  _____  
>> >
>>
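
Steps 1 to 4 of the quoted short-term fix, sketched as an added example that is not code from this thread, in Python rather than ColdFusion so it can be run offline. It decodes the Basic credentials the way the web server does before exposing them as `cgi.auth_user` and `cgi.auth_password`, and keeps a salted PBKDF2 hash in the table instead of the password itself. Assumptions: the table `app_users`, the function names and the iteration count are hypothetical, and the web server has already accepted the credentials before this code runs.

```python
import base64, hashlib, hmac, os, sqlite3

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example

def parse_basic(header):
    """Return (user, password) from an 'Authorization: Basic ...' value, or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    return (user, password) if sep and user else None

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_db():
    db = sqlite3.connect(":memory:")  # hypothetical schema for step 3
    db.execute("CREATE TABLE app_users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def sync_login(db, header, session):
    """Steps 2-4. Returns 'inserted', 'updated', 'unchanged' or 'rejected'.

    Assumption: only called after the web server has authenticated the
    request; a changed password is trusted because of that earlier check.
    """
    creds = parse_basic(header)
    if creds is None:
        return "rejected"
    user, password = creds
    row = db.execute("SELECT salt, pw_hash FROM app_users WHERE username = ?", (user,)).fetchone()
    if row and hmac.compare_digest(row[1], _derive(password, row[0])):
        result = "unchanged"
    else:  # no record yet, or the password changed: store a fresh salted hash
        salt = os.urandom(16)
        db.execute("INSERT OR REPLACE INTO app_users (username, salt, pw_hash) VALUES (?, ?, ?)",
                   (user, salt, _derive(password, salt)))
        db.commit()
        result = "updated" if row else "inserted"
    session["logged_in"], session["username"] = True, user  # step 4
    return result

if __name__ == "__main__":
    db, session = make_db(), {}
    header = "Basic " + base64.b64encode(b"demo-user:demo-pass").decode()  # constructed sample
    print(sync_login(db, header, session), session)
```

Because only a hash is stored, the last part of step 4 (reading the password back for other applications) is not covered by this sketch.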