ColdFusion MX: Securing Your Application

In the last article, CFForms & Administration (Part 2 of 2), we built out the back-end administration of the website.  We had already built the tools that let people put data into the database, so we built a way to get data out of it.  Our goal was to build the framework for our back-end and one tool that let us report on the sales leads.  That article was full of tips and made further use of the Dreamweaver code wizards, and we spent a good deal of time explaining the code we used.  For example, we introduced recordset paging and recordset navigation, two useful tools that tell you which records you’re viewing and give you a means to navigate through all the records being returned.

In this article we want to secure what we’ve created so that only people with the right login, password and security role can log in and interact with the back-end admin section.  We will focus our attention on the Application framework, the Application.cfm file, Application variables and how to secure your website with a login and password using <cflogin>, <cfloginuser> and <cflogout>, as well as some related functions: GetAuthUser() and IsUserInRole().

Overview

We have our first admin tool, but we don’t want the general public to see it!

Here are the topics that we’re going to cover in this article:

  • The Absence of ‘State’
  • Website Application Framework
  • Adding Logins to your Database
  • Application.cfm
  • OnRequestEnd.cfm
  • Securing Your Application with <cflogin> <cfloginuser>
  • Logging Out with <cflogout>
  • Personalization with GetAuthUser()
  • Security Roles with IsUserInRole()

By the end of this article you’ll have a secured portion of your website that requires a login and password combination, and you will have established a management system based on security roles. Don’t forget to grab the source code too – it’s all included just for you!

If this is the first article you’re reading, you may want to check out all my previous ColdFusion articles, because each one, starting from the very first, builds upon the website from the previous article, and that website is the one we will be using here.  If you see some code in this website that you are unfamiliar with, there is an article there to help you.

When you download the source code for this article, the zip file contains a ‘base’ code that you can use to build what we discuss as you read, and a ‘solution’ code, which is the complete code solution from the article.  You’ll need to create a ColdFusion Dreamweaver MX 2004 site for one or both of the code bases.  I also use a MySQL 4.1 database, for which I always include a mysqldump file in the /db directory.  You may want to restore the db and create a datasource named okctravel to make full use of this article.  For more help, take a look at my second article about setting up the MySQL 4.1 database for use with ColdFusion.

Rob Sherman

Rob Sherman Bio:
Attended Fullerton College for a BS in Computer Science and began designing web pages in 1991. In 1994 he began working for an Internet Service Provider called Compulearn in Tarzana, CA. While there he began teaching various computer classes such as Access, Word, Excel and Internet-related courses. Aside from teaching, he became the Webmaster for Compulearn and started designing websites for Compulearn and its clients. Some of those clients included: Arco, Gillette, Vision Correction Centers, various legal and insurance offices, AT&T, San Fernando Valley Bar Association, a teen website called Moxiegirl, State of Arizona, and the United States Commerce Department.

Rob also decided to take on other responsibilities and worked for a non-profit organization called the Global Schoolhouse Foundation in 1997. This non-profit organization had a mission of bringing Internet technology into the classrooms for both students and teachers. The work this foundation performed was even recognized by now presidential candidate Al Gore and, more recently, President George W. Bush, who met with the organization periodically. Rob excelled in the ColdFusion language and was building web-based projects that brought teachers and students together from over 30 countries.

In 1999, Rob left the Global Schoolhouse to take on the title of Director of Development for an online auction website located in Paris, France. This website was Eurobid.com. In February of 1999 the idea of a truly multi-lingual auction website for the European community was just a thought, but by the end of that same year it became a reality. While continuing to work from the states, Rob put together a team of ColdFusion developers across the U.S. as well as system administrators and was responsible for architecting one of the strongest auction communities in all Europe.

After leaving Eurobid in 2000, Rob formed his own consulting corporation, known as CFDude, Inc. and maintains several clients. He also became a Macromedia Certified Instructor (along with Macromedia Advanced Certified ColdFusion Developer) teaching courses for Andrew’s Technology all over the U.S. and later taught ColdFusion MX and Flash MX 2004 classes for RoundPeg. Rob was also selected to be a part of the pilot program for the Macromedia Certified Professional Program and is one of the first Macromedia Certified Professionals. Rob presently holds the following certifications: Advanced ColdFusion Developer/Trainer; Flash MX Developer/Trainer; Flash MX 2004 Developer/Trainer.
