I have an idea.
'Wrap' the cfa_secure tag with your own version, which in turn calls the base
tag.

<cf_my_cfa_secure cfa_secure parameters>
        <cfa_secure
        if secure r_bResult is true
                query your user directory for the record matching username and password.

                if not recordcount then
                        don't pass the (cached) return result from cfa_secure

                        // they have entered an old password that just doesn't exist.
                 
Because you have a special requirement, it is appropriate to extend the
security functionality this way.
The extra cost of the query is therefore justified.

Please let me know how you go with this.


Jared Clinton.

> -----Original Message-----
> From: Dave Watts [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 5 April 2001 7:09
> To: Spectra-Talk
> Subject: RE: After changing the password, NEW AND OLD password are valid
> for some time ...
> 
> 
> > > The latest CF 5 beta provides controls to flush the 
> > > security information caches within CF and SiteMinder in 
> > > the CF Admin interface, so it should be pretty easy to 
> > > do this programmatically in 5.
> > 
> > In most cases I have seen user management is done externally, 
> > outside of CF/Spectra. I don't think it is desirable to have 
> > an LDAP admin notify the CF admin every time she changes an 
> > account.
> 
> You know, I thought it would turn out to be like that for us in general as
> well, but it hasn't. Out of our clients' deployments, I don't think a single
> one has had an existing user directory that we just plugged into. I agree
> that user management should ideally be done from outside the specific CF
> apps using the directory, though.
> 
> > If a user's credentials become invalid, access should be denied
> > *immediately* (or as soon as possible.) I would think this is 
> > standard security practice. I'm really quite shocked at the lax 
> > approach Allaire seem to be taking here. The password caching bug 
> > better not be in 5.0 or there will be some very pissed people out 
> > here.
> 
> Not having experimented at length with this, did the "Use ColdFusion Server
> Cache" checkbox not work in CF 4.5? I agree that, if an account is
> invalidated, there shouldn't be cached credentials. Nevertheless, caching
> credentials isn't unheard of within network login environments - if, in a
> relatively large NT domain, an account is removed, that user will still
> often be able to create and maintain connections based on cached
> credentials. Or, an account may have its associated permissions changed, but
> not have that change take effect immediately due to cached credentials - I
> encounter this problem a lot.
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> voice: (202) 797-5496
> fax: (202) 797-5444
> 
>
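
The wrapper idea from the reply at the top of this message, modelled in Python as an added example (not code from the thread or from Spectra). `CachingAuthenticator` is an assumed stand-in for a base check that caches successful results; the directory, the TTL and the cache key are constructed for illustration.

```python
import hashlib, hmac, os

class Directory:
    """Constructed stand-in for the external user directory."""
    def __init__(self):
        self._users = {}
    def _kdf(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def set_password(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, self._kdf(password, salt))
    def verify(self, user, password):
        rec = self._users.get(user)
        if rec is None:
            return False
        return hmac.compare_digest(rec[1], self._kdf(password, rec[0]))

class CachingAuthenticator:
    """Assumed model of the base check: caches each success for ttl seconds."""
    def __init__(self, directory, ttl, clock):
        self.directory, self.ttl, self.clock = directory, ttl, clock
        self._cache = {}
    def authenticate(self, user, password):
        key = hashlib.sha256(f"{user}\0{password}".encode()).hexdigest()
        if self._cache.get(key, 0) > self.clock():
            return True  # cached success: the directory is not consulted
        ok = self.directory.verify(user, password)
        if ok:
            self._cache[key] = self.clock() + self.ttl
        return ok

def wrapped_authenticate(base, directory, user, password):
    """Accept only if the base check passes AND the directory still matches."""
    if not base.authenticate(user, password):
        return False
    # The extra query: a stale cached success is not passed through.
    return directory.verify(user, password)

def demo():
    now = [0.0]  # controllable clock so the cache window is deterministic
    d = Directory()
    d.set_password("alice", "old-pw")
    base = CachingAuthenticator(d, ttl=300, clock=lambda: now[0])
    base.authenticate("alice", "old-pw")  # login before the change fills the cache
    d.set_password("alice", "new-pw")     # password changed in the directory
    now[0] = 60.0                         # still inside the cache window
    return {"base_old": base.authenticate("alice", "old-pw"),
            "wrapped_old": wrapped_authenticate(base, d, "alice", "old-pw"),
            "wrapped_new": wrapped_authenticate(base, d, "alice", "new-pw")}
```
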