Security best practice
Posted on 2004-11-18
My apologies if this is not the right topic to ask this question in, but I have a Windows 2000 Server running IIS and SQL Server 2000 with Coldfusion 6.1.
Most of the sites I create simply use a query of a table in the database to authenticate and authorize users. The not so simple part of that is that I then need to write every page to include a security check.
As a best practice, what is your opinion of the most efficient, yet secure, way to build a site?
I would prefer to just set a folder's permission somehow and let the server check for the proper credentials each time someone accesses a page than for me to have to check for authentication and authorization on every page.
Using Active Directory integration isn't an option for us. I must use the sql server usernames and passwords for all authentication/authorization.
Thanks in advance,