Please Urgent! Security Functionality Surprises

Within a day or two I will be working on my application's security.

I have done the pages, including insert, update and delete. Because I waited until this point to work on the security (login, sessions), what problems or surprises will I have when I start working on it?

I actually want to know the impact of login and sessions on my pages that have insert, update and delete.

Thank you.
mdbbound Asked:
 
mrichmon Commented:
Using cfqueryparam is a good step

Session values will not get interchanged if you code them properly.

Limit access through your DSNs

Consider assigning user privileges or roles so that you have granular control over your security

Consider implementing a way to audit logins
0
 
hart Commented:
OK, just a couple of things you should keep in mind: sessions give a problem if someone is accessing your site from behind a proxy server...

The problem is that if more than 1 person is accessing your site from behind a proxy, then there are chances that the session values get interchanged...

But cookies avoid this hassle...

What I would suggest is that if your application is going to be used by users having proxy servers, then use temp cookies instead of sessions... And you can always check whether the person has activated cookies or not; if not, then you can give a prompt telling him to activate them...

This is just a suggestion; sessions work well too...

Regards
Hart
0
 
Jerry_Pang Commented:
There are security issues with SQL statements.
Use cfqueryparam to secure your databases from unauthorized users.

statements like
SELECT * FROM USERS WHERE lname = '#URL.x#'

More Security issues here.
articles: Top5 Security issues
http://www.macromedia.com/devnet/server_archive/articles/top5_cf_security_issues.html
0
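Added example, not part of any reply in this thread: one way an existing update page changes once login, roles, cfqueryparam and auditing are added, which is the impact the question asks about. The datasource name appDSN, login.cfm, session.userID, session.role, the "editor" role, the user_id column and the form field names are all assumptions; only the USERS table, the lname column and URL.x come from the thread.

```cfml
<!--- update_user.cfm: constructed example. appDSN, login.cfm, session.userID,
      session.role, user_id and the form field names are assumptions. --->

<!--- 1. Login/session gate: runs before any insert/update/delete logic.
      cflocation ends the request, so nothing below executes for anonymous users. --->
<cfif NOT StructKeyExists(session, "userID")>
    <cflocation url="login.cfm" addtoken="no">
</cfif>

<!--- 2. Role check: only users holding the (assumed) editor role may change data. --->
<cfif NOT StructKeyExists(session, "role") OR session.role NEQ "editor">
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- 3. Validate input up front: a missing or non-integer id throws here. --->
<cfparam name="form.user_id" type="integer">
<cfparam name="form.lname" type="string">

<!--- Vulnerable pattern quoted in the thread: the value is spliced into the SQL text.
<cfquery name="qUser" datasource="appDSN">
    SELECT * FROM USERS WHERE lname = '#URL.x#'
</cfquery>
--->

<!--- 4. Bound parameters: values are sent to the driver separately from the SQL,
      with a declared type and a length limit. --->
<cfquery name="qUpdate" datasource="appDSN">
    UPDATE USERS
    SET lname = <cfqueryparam value="#form.lname#" cfsqltype="cf_sql_varchar" maxlength="50">
    WHERE user_id = <cfqueryparam value="#form.user_id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- 5. Audit entry: who changed which row. Both values are server-set or validated. --->
<cflog file="app_audit" type="information"
       text="user=#session.userID# action=update table=USERS id=#form.user_id#">
```

The same gate and role check belong at the top of every insert and delete page as well, or once in Application.cfm so a page cannot be published without them.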
Question has a verified solution.
