I do it like this: When the user logs in, the user's userid and access
level are stored in session variables. Then on the page I check for the
various access levels that are allowed on the page by putting them in a
list:

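<!--- Only logged-in users have Session.userid set --->
<cfif IsDefined("Session.userid")>
    <!--- Access groups allowed to view this page --->
    <cfset groupsAllowed = "admin,level1,level3">
    <cfif not ListFind(groupsAllowed, Session.accessgroup)>
        <!--- Logged in, but not in an allowed group --->
        <cflocation url="noaccessallowed.cfm">
    </cfif>
<cfelse>
    <!--- Not logged in --->
    <cflocation url="failedlogin.html">
</cfif>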

tom
www.basic-ultradev.com

----- Original Message -----
From: "Chris Lott" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Saturday, October 07, 2000 10:59 AM
Subject: Security issues


> I understand how to handle login security in an application... but do any
> of you have tips on handling variable levels of security? Up until now I
> have always had my normal app for users and then a subsection of that app
> (say /admin/) where admins would go to do their thing.
>
> It seems inefficient, but also almost inescapable without turning my neat
> code into spaghetti as I am variably displaying/including based on whether
> they have admin privileges or not. I can't imagine what it will be like
> with three or more levels of user to account for!
>
> I've seen many discussions on cf lists about how to define different levels
> of user and what their privileges are, but not much on what to do with
> those definitions in the app. Every way I can conceive seems much more
> painful than it should be. Or is that just the way it is?
>
> c
>
> ------------------------------------------------------------------------------
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
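
Added example, not part of either message in this thread: the per-page list check from the reply, moved into Application.cfm (which ColdFusion runs before each requested page) so the allowed groups live in one map and a page missing from the map is denied. The application name, the page names, login.cfm and the page-to-group assignments are assumptions; the group names and the two redirect targets are reused from the reply.

```cfml
<!--- Application.cfm (added example): runs before every .cfm page in this directory --->
<cfapplication name="exampleApp" sessionmanagement="Yes">

<!--- Hypothetical map of page file name to allowed access groups (constructed values).
      Assumes one flat directory; identical file names in subdirectories would collide. --->
<cfset pageAccess = StructNew()>
<cfset pageAccess["index.cfm"]     = "admin,level1,level2,level3">
<cfset pageAccess["reports.cfm"]   = "admin,level1,level3">
<cfset pageAccess["useradmin.cfm"] = "admin">

<!--- Pages that must stay reachable without a session, including the
      "no access" target, otherwise the redirect below would loop --->
<cfset publicPages = "login.cfm,noaccessallowed.cfm">

<!--- File name of the requested page, lower-cased for comparison --->
<cfset thisPage = LCase(ListLast(CGI.SCRIPT_NAME, "/"))>

<cfif NOT ListFind(publicPages, thisPage)>
    <!--- Copy the session values under a read lock so both checks
          work from one consistent snapshot --->
    <cfset loggedIn = "No">
    <cfset userGroup = "">
    <cflock scope="Session" type="ReadOnly" timeout="10">
        <cfif IsDefined("Session.userid") AND IsDefined("Session.accessgroup")>
            <cfset loggedIn = "Yes">
            <cfset userGroup = Session.accessgroup>
        </cfif>
    </cflock>

    <cfif NOT loggedIn>
        <cflocation url="failedlogin.html" addtoken="No">
    </cfif>

    <!--- Deny by default: a page missing from the map is closed to everyone --->
    <cfset groupsAllowed = "">
    <cfif StructKeyExists(pageAccess, thisPage)>
        <cfset groupsAllowed = pageAccess[thisPage]>
    </cfif>

    <cfif NOT ListFindNoCase(groupsAllowed, userGroup)>
        <cflocation url="noaccessallowed.cfm" addtoken="No">
    </cfif>
</cfif>
```

Individual pages then carry no access code of their own; adding a level means editing the map, and a new page stays closed until it is listed.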
