Solved

Please Urgent! Security Functionality Surprises

Posted on 2004-08-02
134 Views
Last Modified: 2013-12-24
Within a day or two I will be working on my application's security.

I have done the pages, including insert, update and delete. Because I waited until this point to work on the security (login, sessions), what problems or surprises will I have when I start working on it?

I actually want to know the impact of login and sessions on my pages that have insert, update and delete.

Thank you.
Question by:mdbbound
3 Comments
LVL 11

Assisted Solution

by:hart
hart earned 175 total points
ID: 11702208
OK, just a couple of things you should keep in mind: sessions give a problem if someone is accessing your site from behind a proxy server...

The problem is that if more than one person is accessing your site from behind a proxy, then there are chances that the session values get interchanged.

But cookies avoid this hassle...

What I would suggest is that if your application is going to be used by users behind proxy servers, then use temporary cookies instead of sessions. And you can always check whether the person has activated cookies or not; if not, you can give a prompt telling him to activate them.

This is just a suggestion; sessions work well too...

Regards
Hart
 
LVL 9

Assisted Solution

by:Jerry_Pang
Jerry_Pang earned 150 total points
ID: 11702545
There are security issues with SQL statements.
Use cfqueryparam to protect your database from unauthorized users.

Statements like
    SELECT * FROM USERS WHERE lname = '#URL.x#'

More security issues here.
Article: Top 5 Security Issues
http://www.macromedia.com/devnet/server_archive/articles/top5_cf_security_issues.html
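The statement Jerry_Pang quotes, beside its parameterized form. This is an added example, not code from the thread or from any of its posters; it assumes a datasource named "myDSN" and a users table with user_id and lname columns, and it also extends the point to the numeric keys an update or delete page typically takes from the URL.

```cfml
<!--- Added example, not from the original thread. Assumes a DSN named "myDSN"
      and a table users(user_id, lname). --->

<!--- BEFORE: the pattern quoted in the answer above. URL.x is spliced into
      the SQL text, so whoever controls the request controls the statement. --->
<cfquery name="findUserUnsafe" datasource="myDSN">
    SELECT user_id, lname
    FROM   users
    WHERE  lname = '#URL.x#'
</cfquery>

<!--- AFTER: the value travels as a bind parameter. cfqueryparam checks it
      against cfsqltype and maxlength, and the driver never parses it as SQL. --->
<cfparam name="URL.x" default="">
<cfquery name="findUser" datasource="myDSN">
    SELECT user_id, lname
    FROM   users
    WHERE  lname = <cfqueryparam value="#URL.x#"
                                 cfsqltype="cf_sql_varchar"
                                 maxlength="50">
</cfquery>

<!--- Same rule for the numeric keys on update/delete pages: cf_sql_integer
      rejects anything that is not a whole number, so a tampered URL.id
      raises a ColdFusion error instead of reaching the database. --->
<cfparam name="URL.id" default="0">
<cfquery name="deleteUser" datasource="myDSN">
    DELETE FROM users
    WHERE  user_id = <cfqueryparam value="#URL.id#" cfsqltype="cf_sql_integer">
</cfquery>
```

The cfparam lines are there so a request that omits the parameter fails on a known default rather than on an undefined-variable error; the security property comes entirely from cfqueryparam, which keeps data and SQL text separate regardless of what characters the value contains.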
 
LVL 35

Accepted Solution

by:mrichmon
mrichmon earned 175 total points
ID: 11705932
Using cfqueryparam is a good step.

Session values will not get interchanged if you code them properly.

Limit access through your DSNs.

Consider assigning user privileges or roles so that you have granular control over your security.

Consider implementing a way to audit logins.
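To show how login, sessions, roles and a login audit fit around existing insert/update/delete pages, here is an added example (not code from the thread or from mrichmon) using ColdFusion's cfapplication, cflogin/cfloginuser, isUserInRole and cflog. It assumes a datasource "myDSN", a users table with username, password_hash, salt and role columns, and ColdFusion 7 or later for the two-argument hash() function; the file names Application.cfm, login.cfm and deleteUser.cfm are illustrative.

```cfml
<!--- Application.cfm (added example, not from the thread). ColdFusion runs
      this before every page, so the insert/update/delete pages inherit the
      login gate without being rewritten. Assumed schema:
      users(username, password_hash, salt, role). --->
<cfapplication name="securedApp"
               sessionmanagement="yes"
               setclientcookies="yes"
               sessiontimeout="#createTimeSpan(0, 0, 30, 0)#">

<cflogin>
    <!--- The cflogin scope exists only when the request posted the form
          fields j_username / j_password; otherwise show the login form. --->
    <cfif NOT isDefined("cflogin")>
        <cfinclude template="login.cfm">
        <cfabort>
    </cfif>

    <!--- Look up the account with a bound parameter, never string splicing --->
    <cfquery name="acct" datasource="myDSN">
        SELECT password_hash, salt, role
        FROM   users
        WHERE  username = <cfqueryparam value="#cflogin.name#"
                                        cfsqltype="cf_sql_varchar"
                                        maxlength="50">
    </cfquery>

    <!--- Compare against a salted hash; hash(string, algorithm) needs CF 7+ --->
    <cfif acct.recordCount EQ 1
          AND acct.password_hash EQ hash(acct.salt & cflogin.password, "SHA-256")>
        <!--- Establishes the authenticated user and its roles for this session --->
        <cfloginuser name="#cflogin.name#"
                     password="#cflogin.password#"
                     roles="#acct.role#">
        <!--- Audit trail: one line per successful login in logs/logins.log --->
        <cflog file="logins" type="information"
               text="login ok user=#cflogin.name# ip=#CGI.REMOTE_ADDR#">
    <cfelse>
        <!--- Failed attempts are logged too; repeated failures stand out here --->
        <cflog file="logins" type="warning"
               text="login failed user=#cflogin.name# ip=#CGI.REMOTE_ADDR#">
        <cfinclude template="login.cfm">
        <cfabort>
    </cfif>
</cflogin>

<!--- login.cfm: the field names j_username / j_password are what cflogin
      reads; the form posts back to whatever page was requested. --->
<cfoutput>
<form method="post" action="#CGI.SCRIPT_NAME#">
    <input type="text"     name="j_username">
    <input type="password" name="j_password">
    <input type="submit"   value="Log in">
</form>
</cfoutput>

<!--- deleteUser.cfm: the existing page only gains a role check at the top.
      Authentication already happened in Application.cfm. --->
<cfif NOT isUserInRole("admin")>
    <cflog file="logins" type="warning"
           text="denied delete user=#getAuthUser()# ip=#CGI.REMOTE_ADDR#">
    <cfabort showerror="Not authorized">
</cfif>
<cfparam name="URL.id" default="0">
<cfquery name="deleteUser" datasource="myDSN">
    DELETE FROM users
    WHERE  user_id = <cfqueryparam value="#URL.id#" cfsqltype="cf_sql_integer">
</cfquery>
```

The impact on the pages already written is therefore small: authentication is centralized in Application.cfm, each page that changes data adds one isUserInRole check, and the cflog calls give the login audit mrichmon suggests. Because the login state is tied to the session cookie that cfapplication sets, two users behind the same proxy hold different sessions.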
