I went to a session at MAX on it that Sarge taught and they basically said not to use it. It's a good idea but in the current standing of it, there are just too many problems and it's really made for the average Joe who doesn't need anything complex and hasn't already written their own. It doesn't sound as if MM is putting a lot of effort into it or really desire to expand the functionality of it.
John Burns Certified Advanced ColdFusion MX Developer AI-ES Aeronautics, Web Developer -----Original Message----- From: Raymond Camden [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 26, 2005 12:37 PM To: CF-Talk Subject: Re: thoughts on CFLOGIN I've been a big fan of it - but the current release of CF has some issues with it. If you use Session-based CFLOGIN security, there is a security risk. It is not safe to use in production. If you use cookie based CFLOGIN security, you have to jump through hoops if you want to tie the CFLOGIN scope to the Session scope. Not impossible, just not terribly easy. If you search my blog you will see numerous posts on it. Sarge (I forget his blog) also has more blog posts on the security issue. On Wed, 26 Jan 2005 12:27:35 -0500, Emmet McGovern <[EMAIL PROTECTED]> wrote: > Are a lot of people switching over to cflogin? I've been using the > same homegrown roles based login forever now and haven't seen the need to switch. > Old habits are hard to break I guess. Am I missing out on something? > > Emmet > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:191850 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
