Solved

Please Urgent! Security Functionality Surprises

Posted on 2004-08-02
136 Views
Last Modified: 2013-12-24
Within a day or two I will be working on my application's security.

I have done the pages, including insert, update and delete. Because I waited until this point to work on the security (login, sessions), what problems or surprises will I have when I start working on it?

I actually want to know the impact of login and sessions on my pages that have insert, update and delete.

Thank you.
Question by:mdbbound
3 Comments
LVL 11

Assisted Solution

by:hart
hart earned 175 total points
ID: 11702208
OK, just a couple of things you should keep in mind: sessions give a problem if someone is accessing your site from behind a proxy server...

The problem is that if more than one person is accessing your site from behind a proxy, then there are chances that the session values get interchanged..

But cookies avoid this hassle...

What I would suggest is that if your application is going to be used by users behind proxy servers, then use temp cookies instead of sessions... And you can always check whether the person has activated cookies or not; if not, you can give a prompt telling him to activate them....

This is just a suggestion; sessions work well too...

Regards
Hart
LVL 9

Assisted Solution

by:Jerry_Pang
Jerry_Pang earned 150 total points
ID: 11702545
There are security issues with SQL statements.
Use cfqueryparam to secure your databases from unauthorized users.

Statements like:
SELECT * FROM USERS WHERE lname = '#URL.x#'

More security issues here.
Article: Top 5 Security Issues
http://www.macromedia.com/devnet/server_archive/articles/top5_cf_security_issues.html
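To make the point of the answer above concrete, here is an added CFML example (not code from the answer or from any project) showing the unsafe string-built query next to the same queries written with cfqueryparam. The datasource name "appdsn", the column names and the URL parameter names are assumptions for illustration.

```cfml
<!--- Unsafe form (the pattern warned about above): the raw URL value is
      pasted into the SQL text, so whatever the client sends is executed
      as part of the statement. --->
<cfquery name="getUserUnsafe" datasource="appdsn">
    SELECT user_id, fname, lname
    FROM USERS
    WHERE lname = '#URL.x#'
</cfquery>

<!--- Hardened form: cfqueryparam sends the value as a typed bind parameter,
      so the database never interprets it as SQL. maxlength also rejects
      oversized input before the query runs. --->
<cfquery name="getUser" datasource="appdsn">
    SELECT user_id, fname, lname
    FROM USERS
    WHERE lname = <cfqueryparam value="#URL.x#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>

<!--- Numeric keys get a numeric type: a value such as "1 OR 1=1" is rejected
      by the type check instead of reaching the database. --->
<cfquery name="getUserById" datasource="appdsn">
    SELECT user_id, fname, lname
    FROM USERS
    WHERE user_id = <cfqueryparam value="#URL.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- The same rule applies to the insert/update/delete pages the question
      mentions; a DELETE keyed on a form field looks like this. --->
<cfquery datasource="appdsn">
    DELETE FROM USERS
    WHERE user_id = <cfqueryparam value="#FORM.id#" cfsqltype="cf_sql_integer">
</cfquery>
```

The habit to carry into every insert, update and delete page is that no value from URL, FORM, COOKIE or CGI scope ever appears inside the SQL text directly; each one goes through a cfqueryparam with the type of the column it is compared against.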
LVL 35

Accepted Solution

by:mrichmon
mrichmon earned 175 total points
ID: 11705932
Using cfqueryparam is a good step

Session values will not get interchanged if you code them properly.

Limit access through your DSNs

Consider assigning user privileges or roles so that you have granular control over your security

Consider implementing a way to audit logins
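The accepted answer lists session handling, roles and login auditing as separate items; the following added CFML example (written here for illustration, not code from the answer or from the asker's application) ties them together as a practitioner would retrofit them onto existing insert/update/delete pages. The application name, the "appdsn" datasource, the USERS and LOGIN_AUDIT tables, the "admin" role and the password-hashing scheme are all assumptions.

```cfml
<!--- Application.cfm: ColdFusion runs this before every page in the folder,
      so one check covers all existing insert/update/delete pages without
      editing each of them. --->
<cfapplication name="myApp" sessionmanagement="yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 30, 0)#">

<cfparam name="session.loggedIn" default="false">
<cfparam name="session.role" default="">

<!--- Everything except the login page requires an authenticated session. --->
<cfif NOT session.loggedIn AND ListLast(CGI.SCRIPT_NAME, "/") NEQ "login.cfm">
    <cflocation url="login.cfm" addtoken="no">
</cfif>


<!--- login.cfm (form-handler part): look the user up with bound parameters,
      then record the attempt whether or not it succeeded so failures can be
      audited. Password hashing scheme is a placeholder assumption. --->
<cfif IsDefined("FORM.username") AND IsDefined("FORM.password")>
    <cfquery name="auth" datasource="appdsn">
        SELECT user_id, role
        FROM USERS
        WHERE username = <cfqueryparam value="#FORM.username#"
                                       cfsqltype="cf_sql_varchar" maxlength="50">
          AND password_hash = <cfqueryparam value="#Hash(FORM.password)#"
                                            cfsqltype="cf_sql_varchar">
    </cfquery>

    <cfset succeeded = 0>
    <cfif auth.recordCount EQ 1>
        <cfset succeeded = 1>
    </cfif>

    <!--- Audit row: who tried, from where, when, and the outcome. --->
    <cfquery datasource="appdsn">
        INSERT INTO LOGIN_AUDIT (username, remote_addr, succeeded, attempted_at)
        VALUES (
            <cfqueryparam value="#FORM.username#" cfsqltype="cf_sql_varchar" maxlength="50">,
            <cfqueryparam value="#CGI.REMOTE_ADDR#" cfsqltype="cf_sql_varchar" maxlength="45">,
            <cfqueryparam value="#succeeded#" cfsqltype="cf_sql_integer">,
            <cfqueryparam value="#Now()#" cfsqltype="cf_sql_timestamp">
        )
    </cfquery>

    <cfif succeeded EQ 1>
        <!--- Write the session under an exclusive lock so two requests for the
              same session cannot interleave their writes. --->
        <cflock scope="session" type="exclusive" timeout="10">
            <cfset session.loggedIn = true>
            <cfset session.userId = auth.user_id>
            <cfset session.role = auth.role>
        </cflock>
        <cflocation url="index.cfm" addtoken="no">
    </cfif>
</cfif>


<!--- delete.cfm: granular control on top of the login gate, only the admin
      role may delete. The query itself stays parameterised. --->
<cfif session.role NEQ "admin">
    <cfabort showerror="You do not have permission to delete records.">
</cfif>
<cfquery datasource="appdsn">
    DELETE FROM USERS
    WHERE user_id = <cfqueryparam value="#FORM.id#" cfsqltype="cf_sql_integer">
</cfquery>
```

Because the gate lives in Application.cfm and the role check lives in the page that performs the sensitive action, adding login and sessions to an existing site means adding one file plus a few lines at the top of each write page; the query code already written does not change, provided it already uses cfqueryparam.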