Rick,
The CFGods wish the admin site be run on a separate intranet server, inside
the firewall with session-based user management. (Okay-- I know this
probably isn'd an option, so read on anyway for the rest...) You can use a
session variable that sets the permission level (from the user record in the
database) and check the permission level on the secured page.
I've written a tag called cf_access which checks the session permission
level, and if it's not a the desired level boots the user. I call it like
this: <cf_access level="admin">.
on 8/9/01 11:18 AM, CFHelp at [EMAIL PROTECTED] wrote:
> I have an admin section on a few sites and was wondering what the best
> way to handle security is. Would I run a session using a cookie to
> timeout the login? Do I use CFApplication? The administrators need to be
> able to login from anywhere.
>
> What are the ways the CFGods wish it be done?
>
>
>
> Rick Eidson
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
