right, i was just thinking that...

-----Original Message-----
From: Paul Bowley [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 23, 2002 11:24 AM
To: CF-Talk
Subject: RE: page security using <cfabort>

You could always put in the necessary closing tags before the CFABORT...

> -----Original Message-----
> From: Justin Scott [SMTP:[EMAIL PROTECTED]]
> Sent: 23 May 2002 16:16
> To: CF-Talk
> Subject: Re: page security using <cfabort>
>
> You might think about using a CFLOCATION instead to redirect to an
> "unauthorized" page that will have a full set of HTML. Using CFABORT in the
> middle of the page like that will cause the closing tags to get cut off and
> some browsers will freak out and not even display the message at all.
>
> As for the security itself, it looks ok, but there's no way to tell for
> certain if something is "secure" or not without seeing all of the code that
> touches those variables.
>
> -Justin Scott, Lead Developer
> Sceiron Internet Services, Inc.
> http://www.sceiron.com
>
>
> ----- Original Message -----
> From: "Jeff Brown" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Thursday, May 23, 2002 11:07 AM
> Subject: page security using <cfabort>
>
>
> > I am planning on adding role based page level security to my application by
> > adding this chunk of code to every page:
> >
> > <body>
> > <cfif ListFindNoCase("AllowedRole1,AllowedRole2,AllowedRole3", #session.user_role#, ",") EQ 0>
> > You are not authorized to view this page. <cfabort>
> > </cfif>
> >
> > .. [page content] ...
> >
> > </body>
> >
> > Session.user_role is set when the user logs in to the app. Is this a fairly
> > standard way to do it? Certain pages should not be viewable by certain
> > roles, can anyone think of an instance where a user could get past this?
> > TIA.
> >
> > v/r,
> > Jeff
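An added example, not code from any poster in this thread: the role check from the original question combined with the CFLOCATION suggestion, written as a hypothetical include file that runs before any HTML is output and denies access when session.user_role is missing. The names role_check.cfm, allowedRoles, currentRole and unauthorized.cfm are assumptions.

```cfml
<!--- role_check.cfm (hypothetical include, added example).
      Use at the very top of each protected page, before <html>:
        <cfset allowedRoles = "AllowedRole1,AllowedRole2,AllowedRole3">
        <cfinclude template="role_check.cfm">
--->

<!--- Start with no role so a missing or expired session fails closed
      instead of throwing an "undefined variable" error. --->
<cfset currentRole = "">

<!--- Read the session variable under a read-only lock. --->
<cflock scope="Session" type="ReadOnly" timeout="10">
    <cfif IsDefined("session.user_role")>
        <cfset currentRole = session.user_role>
    </cfif>
</cflock>

<!--- Deny when there is no role or the role is not in the allowed list.
      ListFindNoCase returns 0 when the value is not found. --->
<cfif Len(Trim(currentRole)) EQ 0
      OR ListFindNoCase(allowedRoles, currentRole, ",") EQ 0>
    <!--- unauthorized.cfm is an assumed page with a full set of HTML.
          CFLOCATION stops processing of the current page, so nothing
          below this include is rendered for the denied request.
          addtoken="No" keeps CFID/CFTOKEN out of the redirect URL. --->
    <cflocation url="unauthorized.cfm" addtoken="No">
</cfif>
```

Because the check runs before any markup is sent, a denied request never receives a partial page with its closing tags cut off.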

