Whoops, Lee's right! It was an occasional newsletter article.
-----Original Message-----
From: Hal Helms [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 09, 2000 8:53 AM
To: Fusebox
Subject: RE: Security issues
I just wrote an article for CFDJ that goes into that. I think it may be
available online at www.sys-con.org. It's a great thing, almost like a
parlor trick because it works so well.
-----Original Message-----
From: Reynolds, Adam [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 09, 2000 6:46 AM
To: Fusebox
Subject: RE: Security issues
Roughly...
<cfscript>
request.useradmin = 1;
request.reportadmin = 2;
request.siteadmin = 4;
</cfscript>
Somewhere in your login code ....
<cfset request.userpermissions = request.useradmin + request.siteadmin>
Somewhere in your function listing areas
<cfif bitand(request.userpermissions,request.useradmin)>
display your user administration functions here.
</cfif>
<cfif bitand(request.userpermissions, request.reportadmin)>
display your report admin functions
</cfif>
etc...
User should see Useradmin and Siteadmin functions.
> ----------
> From: Stephen Fernandez[SMTP:[EMAIL PROTECTED]]
> Sent: 09 October 2000 10:20
> To: Fusebox
> Subject: RE: Security issues
>
> this sounds quite interesting, could you please post some example code as
> I'm not too hot with the bitwise operations functions?
>
> -----Original Message-----
> From: Reynolds, Adam [mailto:[EMAIL PROTECTED]]
> Sent: 09 October 2000 10:09
> To: Fusebox
> Subject: RE: Security issues
>
>
> You can simplify this even further by using the BitAnd function. This
> operates on a 32 bit integer. Give different facilities a unique binary
> number (1 2 4 8 16 32 64 etc...)
>
> Then assign a user a security number which is a summation of the facilities
> the user is allowed to do. Then use bitand (with the facility) to determine
> if a user can see facilities.
>
> You do need to define the security constants, but this is usually not a
> problem.
> ------------------------------------------------------------------------------
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
>
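Added example (not from the original thread or its posters): the flag scheme above in cfscript, with grants done through BitOr so that a repeated grant cannot carry into a neighbouring flag, and a check that requires every requested bit rather than any one of them. The helper names grant, revoke and hasAll are hypothetical; the flag values are the ones posted in the thread.

```cfml
<cfscript>
// Facility flags as posted in the thread: each one is a distinct power of two.
request.useradmin   = 1;
request.reportadmin = 2;
request.siteadmin   = 4;

// Hypothetical helper: grant with BitOr instead of "+". Adding a flag the
// user already holds would carry into the next bit (useradmin + useradmin
// equals reportadmin); BitOr leaves the mask unchanged in that case.
function grant(mask, flag) {
    return bitOr(mask, flag);
}

// Hypothetical helper: revoke by clearing only that flag's bit.
function revoke(mask, flag) {
    return bitAnd(mask, bitNot(flag));
}

// Hypothetical helper: true only when every bit in "required" is set.
// A bare bitAnd() test is non-zero as soon as any one of several
// combined flags matches, which is too permissive for "needs both".
function hasAll(mask, required) {
    return bitAnd(mask, required) EQ required;
}

// Build the permissions at login, server side.
perms = 0;
perms = grant(perms, request.useradmin);
perms = grant(perms, request.siteadmin);
perms = grant(perms, request.useradmin);  // granting again changes nothing
request.userpermissions = perms;

// A page that needs both user admin and report admin rights.
needsBoth = bitOr(request.useradmin, request.reportadmin);

// Compare the loose test with the strict one for the same user.
looseCheck  = bitAnd(request.userpermissions, needsBoth) NEQ 0;
strictCheck = hasAll(request.userpermissions, needsBoth);
writeOutput("any-bit test: " & looseCheck & ", all-bits test: " & strictCheck);

// Removing site admin leaves the other flags untouched.
request.userpermissions = revoke(request.userpermissions, request.siteadmin);
writeOutput(" / after revoke: " & request.userpermissions);
</cfscript>
```

The same hasAll test belongs in the code that performs each admin action, not only around the markup that displays the links.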