Adobe COLDFUSION 9 Manual page 359

Developing applications
DEVELOPING COLDFUSION 9 APPLICATIONS
Developing CFML Applications
With code like the following:
<!--- Both user-supplied values are bound with cfqueryparam, so they are never parsed as SQL. --->
<cfquery name="loginQuery" dataSource="#Application.DB#">
    SELECT *
    FROM Users
    WHERE UserName = <cfqueryparam value="#uUserName#" CFSQLType='CF_SQL_VARCHAR'>
    AND password = <cfqueryparam value="#uPassword#" CFSQLType='CF_SQL_VARCHAR'>
</cfquery>
<!--- A matching row means the credentials are valid; return the user's roles with the result. --->
<cfif loginQuery.recordcount gt 0>
    <cfset retargs.authenticated="YES">
    <cfset retargs.roles=loginQuery.roles>
<cfelse>
    <cfset retargs.authenticated="NO">
</cfif>
<cfreturn retargs>
Note: For greater security, consider using a hashed password. Do not store the password directly in the database; instead, use the Hash function to create a secure password fingerprint, and store it in the database. When the user provides a password, use the Hash function on the submitted string and compare it with the value in the database.
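The hashed comparison that the note describes, as an added example that is not part of the Adobe manual. The function names checkLogin and makePasswordRecord and the PasswordHash and PasswordSalt columns are hypothetical; the per-user salt and the SHA-512 algorithm are choices made here that go beyond the note, which says only to use the Hash function.

```cfml
<!--- Added example: hypothetical functions; the PasswordHash and PasswordSalt
      columns are assumed and are not part of the manual's Users table. --->
<cffunction name="checkLogin" access="private" returntype="struct" output="false">
    <cfargument name="uUserName" type="string" required="true">
    <cfargument name="uPassword" type="string" required="true">
    <cfset var retargs = StructNew()>
    <cfset var loginQuery = "">
    <cfset var submittedHash = "">
    <cfset retargs.authenticated = "NO">

    <!--- Look the user up by name only; the password never enters the SQL. --->
    <cfquery name="loginQuery" dataSource="#Application.DB#">
        SELECT UserName, PasswordHash, PasswordSalt, roles
        FROM Users
        WHERE UserName = <cfqueryparam value="#arguments.uUserName#" cfsqltype="CF_SQL_VARCHAR">
    </cfquery>

    <!--- Exactly one row must match; zero rows or duplicate rows fail closed. --->
    <cfif loginQuery.recordcount eq 1>
        <!--- Hash the submitted string the same way the stored value was produced. --->
        <cfset submittedHash = Hash(loginQuery.PasswordSalt & arguments.uPassword, "SHA-512")>
        <cfif Compare(submittedHash, loginQuery.PasswordHash) eq 0>
            <cfset retargs.authenticated = "YES">
            <cfset retargs.roles = loginQuery.roles>
        </cfif>
    </cfif>
    <cfreturn retargs>
</cffunction>

<!--- When a password is set or changed, store the salt and the hash, never the password. --->
<cffunction name="makePasswordRecord" access="private" returntype="struct" output="false">
    <cfargument name="newPassword" type="string" required="true">
    <cfset var rec = StructNew()>
    <cfset rec.salt = GenerateSecretKey("AES")>
    <cfset rec.hash = Hash(rec.salt & arguments.newPassword, "SHA-512")>
    <cfreturn rec>
</cffunction>
```

Because the row is selected by user name alone, a failed login looks the same to the caller whether the name or the password was wrong.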
Web server–based authentication user security example
The following example shows how to implement user security using web-server–based basic authentication and two
roles, user and administrator.
This example has two ColdFusion pages:
1. The Application.cfc page logs the user into the ColdFusion security system and assigns the user to specific roles based on the user's ID. This page also includes the one-button form and logic for logging out a user, which appears at the top of each page.
2. The securitytest.cfm page is a sample application page. It displays the logged-in user's roles.
This simple example does not provide a user log-out interface. Test the security behavior by adding your own pages to
the same directory as the Application.cfc page.
Example: Application.cfc
The Application.cfc page consists of the following:
Last updated 8/5/2010