Yes, and you could do a lot of other things that don't make much sense also.. Breaking the no access message out into its own file will be much more manageable, IMHO.

-Justin Scott, Lead Developer
Sceiron Internet Services, Inc.
http://www.sceiron.com

----- Original Message -----
From: "Paul Bowley" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, May 23, 2002 11:23 AM
Subject: RE: page security using <cfabort>

> You could always put in the necessary closing tags before the CFABORT...
>
> > -----Original Message-----
> > From: Justin Scott [SMTP:[EMAIL PROTECTED]]
> > Sent: 23 May 2002 16:16
> > To: CF-Talk
> > Subject: Re: page security using <cfabort>
> >
> > You might think about using a CFLOCATION instead to redirect to an
> > "unauthorized" page that will have a full set of HTML. Using CFABORT in the
> > middle of the page like that will cause the closing tags to get cut off and
> > some browsers will freak out and not even display the message at all.
> >
> > As for the security itself, it looks ok, but there's no way to tell for
> > certain if something is "secure" or not without seeing all of the code that
> > touches those variables.
> >
> > -Justin Scott, Lead Developer
> > Sceiron Internet Services, Inc.
> > http://www.sceiron.com
> >
> > ----- Original Message -----
> > From: "Jeff Brown" <[EMAIL PROTECTED]>
> > To: "CF-Talk" <[EMAIL PROTECTED]>
> > Sent: Thursday, May 23, 2002 11:07 AM
> > Subject: page security using <cfabort>
> >
> > > I am planning on adding role based page level security to my application by
> > > adding this chunk of code to every page:
> > >
> > > <body>
> > > <cfif ListFindNoCase("AllowedRole1,AllowedRole2,AllowedRole3", #session.user_role#, ",") EQ 0>
> > > You are not authorized to view this page. <cfabort>
> > > </cfif>
> > >
> > > .. [page content] ...
> > >
> > > </body>
> > >
> > > Session.user_role is set when the user logs in to the app. Is this a fairly
> > > standard way to do it? Certain pages should not be viewable by certain
> > > roles, can anyone think of an instance where a user could get past this?
> > > TIA.
> > >
> > > v/r,
> > > Jeff
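
The approach discussed in this thread (a per-page role check with the no-access message kept in its own file), as an added example that is not part of the original messages. The file names requirerole.cfm, noaccess.cfm and protectedpage.cfm and the variables allowedRoles and currentRole are hypothetical; the check runs before any page output and treats a missing session.user_role as no access.

```cfml
<!--- ===== requirerole.cfm (hypothetical name): shared check, included at the top of every protected page ===== --->
<!--- The including page sets allowedRoles first; an empty default means nobody is allowed --->
<cfparam name="allowedRoles" default="">

<!--- Fail closed: an expired session or a user who never logged in has no session.user_role --->
<cfset currentRole = "">
<!--- Read the session scope under a read-only lock, as advised for ColdFusion versions before MX --->
<cflock scope="session" type="readonly" timeout="10">
    <cfif IsDefined("session.user_role")>
        <cfset currentRole = Trim(session.user_role)>
    </cfif>
</cflock>

<cfif Len(currentRole) EQ 0 OR ListFindNoCase(allowedRoles, currentRole, ",") EQ 0>
    <!--- noaccess.cfm is a complete HTML document, so the abort cuts off no closing tags --->
    <cfinclude template="noaccess.cfm">
    <cfabort>
</cfif>

<!--- ===== noaccess.cfm (hypothetical name): the no-access message in its own file ===== --->
<cfheader statuscode="403" statustext="Forbidden">
<html>
<head><title>Not authorized</title></head>
<body>
You are not authorized to view this page.
</body>
</html>

<!--- ===== protectedpage.cfm (hypothetical name): a protected page using the check ===== --->
<!--- The check comes before <html>, so no tag is open if the request is aborted --->
<cfset allowedRoles = "AllowedRole1,AllowedRole2,AllowedRole3">
<cfinclude template="requirerole.cfm">
<html>
<body>
... [page content] ...
</body>
</html>
```

Because the role list is the only thing that varies per page, a page that omits the cfset line denies everyone rather than admitting everyone.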

