Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Please Urgent!  Security Functionality Surprises

Posted on 2004-08-02
3
Medium Priority
?
140 Views
Last Modified: 2013-12-24
Within a day or two i will be working on my applications security.

I have done the pages, including insert, update delete.  Because i waited until this point to work on the security (login, sessions), what problems  or surprises  will I have when i start working on it.

I actually want to know the impact of login and session to my pages that have insert, update and delete.  

Thank you.
0
Comment
Question by:mdbbound
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 11

Assisted Solution

by:hart
hart earned 700 total points
ID: 11702208
ok just couple of things u should keep in mind are that sessions give a problem if some one is accessing your site behind a proxy server...

The problem is that more than 1 person is accessing your site from behind a proxy then there are chances that the session values get interchanged..

but cookies avoid this hassle...

what i would suggest is that if your application is gonna be used by users having proxy servers then use temp cookies instead of sessions...And u can always check wether the person has activated cookies or not, if not then you can give a prompt telling him to activate it....

this is just a suggestion sessions work well tooo...

Regards
Hart
0
 
LVL 9

Assisted Solution

by:Jerry_Pang
Jerry_Pang earned 600 total points
ID: 11702545
There are security issues on SQL statements.
use cfqueryparam to secure your databases from unauthorized users.

statements like
SELECT * FROM USERS WHERE lname = '#URL.x#'

More Security issues here.
articles: Top5 Security issues
http://www.macromedia.com/devnet/server_archive/articles/top5_cf_security_issues.html
0
 
LVL 35

Accepted Solution

by:
mrichmon earned 700 total points
ID: 11705932
Useing cfqueryparam is a good step

Session values will not get interchanged if you code them properly.

Limit access through your DSNs

Consider assigning user priveleges or roles so that you have granular control over your security

COnsider implementing a way to audit logins
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question