ColdFusion MX: Securing Your Application
In the last article, CFForms & Administration (Part 2 of 2), we built out the back-end administration of the website. We had already built the tools to allow people to put stuff into the database, so we built a way to get things out of the database. Our goal was to build the framework for our back-end, and build one tool that allowed us to report on the sales leads. The last article was full of great tips and additional use of Dreamweaver code wizards, and we also spent a great deal of time explaining the code that we used. One such example is that we introduced recordset paging and recordset navigation. These two useful tools tell you which records you’re viewing and give you a means to navigate through all the records being returned.
In this article we want to secure what we’ve created so that only people with the right login, password and security role can log in and interact with the back-end admin section. We will focus our attention on the Application framework, the Application.cfm file, Application variables and how to secure your website with a login and password using <cflogin>, <cfloginuser>, <cflogout> as well as some related functions: GetAuthUser() and IsUserInRole().