I've started a security document which also describes the different
authentication methods of IIS and how to use them with CF.
It's a early draft so please all comments for improvement welcome.
You can download it from:
http://www.aebco.com/CF/CF_Security.doc
<http://www.aebco.com/CF/CF_Security.doc>
if you need the word viewer see:
http://www.aebco.com/main.htm <http://www.aebco.com/main.htm> for a link to
download it.
Regards,
Noam
----------
From: Marc Gadsdon [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, 11 July 2000 15:49
To: [EMAIL PROTECTED]
Subject: RE: <cf_secure>(IE5 password autofillin)
One can use IIS challenge response using NT authentication, and/or
other
forms of challenge response (i.e. htaccess for Unix and NT) which
will throw
a dialogue generated from the browser when the user tries to enter a
protected area of the site.
Although I'm a bit sketchy I believe the NT method only works with
IE (but
you get to take advantage of NT User permissions etc) whereas
htaccess works
cross browser (?).
With IIS you initiate by altering the security permissions within
the
properties for your site in IIS. With htaccess it's a file based
thing (as
I'm sketchy on htacces I did a search and came up with this at the
top of
the list http://www.technotrade.com/htaccess/)
HTH
Marc
-----Original Message-----
From: Joseph Higgins [mailto:[EMAIL PROTECTED]]
Sent: 10 July 2000 15:59
To: [EMAIL PROTECTED]
Subject: Re: <cf_secure>(IE5 password autofillin)
How do you initiate an HTTP challenge using cold fusion?
Max Paperno wrote:
> At 7/9/2000 03:26 PM +0100, Marc Gadsdon wrote:
>
> >>but obviously with sensitive admin passwords etc, that's when
you choose
> >not to save the password, when IE asks you...
> >
> >It only takes a quick click and you've stored the
password...again it's
out
> >of our control and up to user doing the right thing. The only
thing we
can
> >control is autocomplete="no".
>
> Actually if you don't call your form fields "username" and
"password" then
IE won't try to store the password (at least from my experience).
This is
if we're talking about a Web-based login form, of course, not a
HTTP-based
challenge.
>
> Cheers,
> -Max
>
>
--------------------------------------------------------------------------
----
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with
'unsubscribe' in
the body.
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with
'unsubscribe' in
the body.
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
