You can secure a whole circuit app using NTFS by securing that circuit app's
index.cfm (and the rest of the directory while you're at it).
If you want more granular security - you need the manage the users rights in
a database - based on their NT logon name - (CGI.Auth_User).
We do both.
HTH,
Noam
----------
From: David Adams [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, 14 March 2001 1:46
To: Fusebox
Subject: NTFS security on file
Hello!
I'd like to use cflocation to a gate.cfm file that has NTFS security
(in an
Intranet environment) to secure a portion of my fusebox application.
Specifically, say there is a usergroup called HR_Users and I want
them to be
the only ones to be able to enter data.
I can use cflocation in my <cfcase fuseaction="edit"> to go to a
file called
gate.cfm. That file only allows HR_Users to read it. This file
then sends
them back to the application (index.cfm) with a new
fuseaction="edit_ok",
which takes them to the edit form.
What I'm concerned about is that anyone could just type in
index.cfm?fuseaction=edit_ok, thus bypassing my security right?
How can I stop that?
Thanks!
Dave
--
Web Applications Developer
Marconi PLC - MSI Division
425-519-2046
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
