Thank you Robert. I appreciate you answering my question.

Ron Mast
Truth Hardware
Webmaster
507-444-4693
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Gatti
Sent: Sunday, January 28, 2007 8:11 PM
To: 'Dallas/Fort Worth ColdFusion User Group Mailing List'
Subject: RE: [DFW CFUG] questions to the network gurus

Ron,

This might be overboard but maybe there's something here you could use.

If the employee information is sensitive I'd store it on a central server for 
security - lock it down with very limited access. To allow access to the website 
I would definitely create user accounts for each individual just because then 
you have fine-grained control over any activity. If there are really only a few 
big groups of access you could do a simple group system where each login is 
associated with a group and the group has the privileges.

Perhaps instead of cfntauthenticate you could use a database or custom 
flat-file to store the authentication information. This allows you to separate the 
accounts that have access to the server and access to the website. Even 
accounts that aren't allowed to log in are accounts that could potentially be 
compromised.

As for people external to the network you could set up a "dummy" server outside 
the firewall that connects to the internal server over SSL only. This allows 
only encrypted data out and provides a second layer of security to get to the 
employee info, in case the external server is compromised.

Robert Gatti
_______________________________________________
Reply to DFWCFUG: 
  [email protected]
Subscribe/Unsubscribe: 
  http://lists1.safesecureweb.com/mailman/listinfo/list
List Archives: 
    http://www.mail-archive.com/list%40list.dfwcfug.org/             
  http://www.mail-archive.com/list%40dfwcfug.org/
DFWCFUG Sponsors: 
  www.HostMySite.com 
  www.teksystems.com/
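
The flat-file credential store and group-based privileges suggested in the message above, sketched as an added example that is not part of the original thread and is written in Python rather than ColdFusion. The record layout, the group names, the privilege strings and the PBKDF2 work factor are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed group table: privileges hang off the group, not the login.
GROUP_PRIVILEGES = {
    "hr": {"employee:read", "employee:edit"},
    "staff": {"employee:read"},
}
ITERATIONS = 100_000  # assumed PBKDF2 work factor

def make_record(user, password, group, enabled=True):
    """Build one flat-file line: user:group:enabled:salt_hex:hash_hex."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return ":".join([user, group, "1" if enabled else "0", salt.hex(), digest.hex()])

def load_store(lines):
    """Parse flat-file lines into {user: (group, enabled, salt, hash)}."""
    store = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, group, enabled, salt_hex, hash_hex = line.split(":")
        store[user] = (group, enabled == "1",
                       bytes.fromhex(salt_hex), bytes.fromhex(hash_hex))
    return store

# Used for unknown users so the hash is still computed and timing stays similar.
_DUMMY = (None, False, b"\0" * 16, b"\0" * 32)

def authenticate(store, user, password):
    """Return the user's group on success, otherwise None."""
    group, enabled, salt, expected = store.get(user, _DUMMY)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    ok = hmac.compare_digest(digest, expected)
    return group if (ok and enabled) else None

def authorize(store, user, password, privilege):
    """Allow the action only if the login's group carries the privilege."""
    group = authenticate(store, user, password)
    return group is not None and privilege in GROUP_PRIVILEGES.get(group, set())

# Constructed sample accounts; none of them exist as operating-system accounts.
SAMPLE_STORE = load_store([
    make_record("alice", "correct horse", "hr"),
    make_record("bob", "battery staple", "staff"),
    make_record("carol", "old password", "hr", enabled=False),
])
```

Because these website logins live only in the application's own store, a stolen website password does not double as a server login, and a disabled record is rejected even when the password is correct.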
