> When the user logs in, they're given a set of security
> tokens. When the user takes action on a page, the page
> checks to see if they have the tokens before
> proceeding.
> [ snip ]
This sounds interesting, but I'm trying to get away from a security
framework that requires security code on every page. I've done this in the
past and it seemed like overkill in the end because all the admin functions
were in the "/admin/" folder so it seems to make sense to use some kind of
directory based permissions logic.
I was hoping to create something that would specify:
- a list of folders that a basic user can access
- a list of folders that an Administrator can access
- another set that a basic logged-in user can access
- add to that list a set that a logged-in power-user can access, etc
Then in the Application.cfm file, there could be some code that says
<!--- ListFind(list, value) returns 0 when the folder is not in the permitted list --->
<CFIF NOT ListFind(variables.PermittedFolders, variables.ThisFolder)>
<!--- You aren't allowed there --->
<CFLOCATION URL="logout.cfm">
</CFIF>
or something similar. If there can be some concept of inheritance so that
all groups inherit the basic user (to save having to respecify them), the
power-user can inherit the basic user, etc (I've got several types of
power-users).
Thanks for your thoughts, anyhow.
Aidan
--
Aidan Whitehall <[EMAIL PROTECTED]>
Macromedia ColdFusion Developer
Fairbanks Environmental +44 (0)1695 51775
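
One way to implement the folder allow-list with role inheritance described in the message above, as an added example that is not part of the original post or the poster's code. The role names, folder paths, application name and the `session.role` variable (assumed to be set by the login code) are all hypothetical.

```cfml
<!--- Application.cfm (added example; role names, folders and session.role are assumptions) --->
<cfapplication name="permDemo" sessionmanagement="yes">
<cfscript>
// Constructed sample data: each role has its own folders and one parent role.
roles = StructNew();
function addRole(name, parent, folders) {
    var r = StructNew();
    r.parent = parent;
    r.folders = folders;
    roles[name] = r;
}
addRole("guest",     "",          "/,/help/");
addRole("basic",     "guest",     "/account/,/reports/");
addRole("poweruser", "basic",     "/reports/export/");
addRole("admin",     "poweruser", "/admin/");

// Collect a role's folders plus everything inherited through the parent chain.
function permittedFolders(role) {
    var allowed = "";
    var hops = 0;
    // hops guards against an accidental cycle in the parent links
    while (Len(role) AND StructKeyExists(roles, role) AND hops LT 10) {
        allowed = ListAppend(allowed, roles[role].folders);
        role = roles[role].parent;
        hops = hops + 1;
    }
    return allowed;
}

// A missing or unknown role is treated as guest, so everything else is denied by default.
currentRole = "guest";
if (StructKeyExists(session, "role") AND StructKeyExists(roles, session.role))
    currentRole = session.role;

// "/admin/users.cfm" -> "/admin/"
thisFolder = GetDirectoryFromPath(CGI.SCRIPT_NAME);
</cfscript>

<!--- Exact, case-insensitive match against an allow-list: sub-folders must be listed explicitly. --->
<cfif NOT ListFindNoCase(permittedFolders(currentRole), thisFolder)>
    <!--- /logout.cfm lives in "/", which guest may access, so this redirect cannot loop. --->
    <cflocation url="/logout.cfm" addtoken="no">
</cfif>
```

Because the check is an allow-list, a folder that nobody has listed is denied to every role, including a newly created one that was never added to the table.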