Hello Aidan,

There is an article "Introduction to the Problem" by Hal Helms, Vol. 1 Issue
2 of the CFDJ, which has a prototype of what you are describing, or what seems
like what you are looking for.

John
----- Original Message -----
From: "Aidan Whitehall" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Monday, September 17, 2001 9:14 AM
Subject: RE: Application security


> > When the user logs in, they're given a set of security
> > tokens. When the user takes action on a page, the page
> > checks to see if they have the tokens before
> > proceeding.
> > [ snip ]
>
> This sounds interesting, but I'm trying to get away from a security
> framework that requires security code on every page. I've done this in the
> past and it seemed like overkill in the end because all the admin functions
> were in the "/admin/" folder so it seems to make sense to use some kind of
> directory based permissions logic.
>
> I was hoping to create something that would specify:
>  - a list of folders that a basic user can access
>  - a list of folders that an Administrator can access
>  - another set that a basic logged in user can access
>     - add to that list a set that a logged in power-user can access, etc
>
> Then in the Application.cfm file, there could be some code that says
>
> <CFIF NOT ListFind(variables.PermittedFolders, variables.ThisFolder)>
>    <!--- You aren't allowed there --->
>    <CFLOCATION URL="logout.cfm">
> </CFIF>
>
> or something similar. If there can be some concept of inheritance so that
> all groups inherit the basic user (to save having to respecify them), the
> power-user can inherit the basic user, etc (I've got several types of
> power-users).
>
> Thanks for your thoughts, anyhow.
>
>
>
> Aidan
> --
> Aidan Whitehall <[EMAIL PROTECTED]>
> Macromedia ColdFusion Developer
> Fairbanks Environmental +44 (0)1695 51775
>
>
> 
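The directory-based check with role inheritance described in the quoted message, as an added example that is not part of either post. The role names, folder names, `session.Role` and the single-parent inheritance table are assumptions, and the application is assumed to sit at the web root so that the first path segment is the folder.

```cfml
<!--- Application.cfm (added example; roles, folders and session.Role are assumed names) --->
<cfapplication name="DemoApp" sessionmanagement="Yes">

<!--- Folders each role is granted directly, and the one role it inherits from --->
<cfset Folders = StructNew()>
<cfset Parent = StructNew()>
<cfset Folders["guest"] = "public">
<cfset Parent["guest"] = "">
<cfset Folders["user"] = "account,reports">
<cfset Parent["user"] = "guest">
<cfset Folders["poweruser"] = "tools">
<cfset Parent["poweruser"] = "user">
<cfset Folders["admin"] = "admin">
<cfset Parent["admin"] = "poweruser">

<!--- A missing or unknown role falls back to the least-privileged one --->
<cfset Role = "guest">
<cflock scope="session" type="readonly" timeout="5">
  <cfif IsDefined("session.Role") AND StructKeyExists(Folders, session.Role)>
    <cfset Role = session.Role>
  </cfif>
</cflock>

<!--- Walk up the inheritance chain; the hop limit stops a misconfigured cycle --->
<cfset PermittedFolders = "">
<cfset Current = Role>
<cfset Hops = 0>
<cfloop condition="Len(Current) AND StructKeyExists(Folders, Current) AND Hops LT 10">
  <cfset PermittedFolders = ListAppend(PermittedFolders, Folders[Current])>
  <cfset Current = Parent[Current]>
  <cfset Hops = Hops + 1>
</cfloop>

<!--- First path segment of the request, e.g. /admin/users.cfm gives "admin" --->
<cfset ThisFolder = "">
<cfif ListLen(CGI.SCRIPT_NAME, "/") GT 1>
  <cfset ThisFolder = ListFirst(CGI.SCRIPT_NAME, "/")>
</cfif>

<!--- Allow-list: root-level templates (login, logout) stay open, any unlisted folder is refused --->
<cfif Len(ThisFolder) AND NOT ListFindNoCase(PermittedFolders, ThisFolder)>
  <cflocation url="/logout.cfm" addtoken="No">
</cfif>
```

Because the check is an allow-list, a new folder is inaccessible to every role until it is added to `Folders`. A subfolder that carries its own Application.cfm would bypass this file unless it includes it.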