Solved

Please Urgent!  Security Functionality Surprises

Posted on 2004-08-02
3
139 Views
Last Modified: 2013-12-24
Within a day or two i will be working on my applications security.

I have done the pages, including insert, update delete.  Because i waited until this point to work on the security (login, sessions), what problems  or surprises  will I have when i start working on it.

I actually want to know the impact of login and session to my pages that have insert, update and delete.  

Thank you.
0
Comment
Question by:mdbbound
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 11

Assisted Solution

by:hart
hart earned 175 total points
ID: 11702208
ok just couple of things u should keep in mind are that sessions give a problem if some one is accessing your site behind a proxy server...

The problem is that more than 1 person is accessing your site from behind a proxy then there are chances that the session values get interchanged..

but cookies avoid this hassle...

what i would suggest is that if your application is gonna be used by users having proxy servers then use temp cookies instead of sessions...And u can always check wether the person has activated cookies or not, if not then you can give a prompt telling him to activate it....

this is just a suggestion sessions work well tooo...

Regards
Hart
0
 
LVL 9

Assisted Solution

by:Jerry_Pang
Jerry_Pang earned 150 total points
ID: 11702545
There are security issues on SQL statements.
use cfqueryparam to secure your databases from unauthorized users.

statements like
SELECT * FROM USERS WHERE lname = '#URL.x#'

More Security issues here.
articles: Top5 Security issues
http://www.macromedia.com/devnet/server_archive/articles/top5_cf_security_issues.html
0
 
LVL 35

Accepted Solution

by:
mrichmon earned 175 total points
ID: 11705932
Useing cfqueryparam is a good step

Session values will not get interchanged if you code them properly.

Limit access through your DSNs

Consider assigning user priveleges or roles so that you have granular control over your security

COnsider implementing a way to audit logins
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question