Windows User Directory Security bypassed?


  1. #1

    Windows User Directory Security bypassed?

    Using IIS6 under Windows 2003 with CFMX 6.1. When a cfm script file is
    located in a Windows security restricted directory, the user is prompted for a
    login (user/password) prior to access. However, any user/password combination
    for that computer is accepted even when the directory is restricted to a
    specific user or usergroup. An HTML file in the same restricted directory works
    correctly, only allowing the specific user or group access and denying all
    others. If the URL is just a directory reference (i.e. relies on the IIS
    default filename to resolve to a cfm script file), then user security works
    correctly. This seems like a rather large hole in CF security. Is there a way
    to implement user-based security so different users have access to specific
    directories?

    rrzzy Guest

  3. #2

    Re: Windows User Directory Security bypassed?

    But it's IIS handling the security (ie: the user login screen). What SHOULDN'T
    be happening is that IIS shouldn't be handing the request off to CF if the
    authentication isn't validated.

    It's not CF's job to handle website security: if it receives a request from
    the webserver, it'll fulfil the request.

    Adam

    Adam Cameron Guest

  4. #3

    Re: Windows User Directory Security bypassed?

    I have the same problem with Windows authentication not securing ColdFusion docs. It appears to work on all other objects in a directory but not on the cfm pages. Has anyone come up with a solution?
    Unregistered Guest

  5. #4

    Re: Windows User Directory Security bypassed?

    If you have a dir that you want only certain users to access, use Application.cfm to control access. CF 7 introduced Application.cfc.

    Search the documentation on user authentication with Application.cfm.

    Basically, the Application.cfm can be put in any dir that needs to be secured. In order to get access to that dir, users will need to have a user session. It is in the Application.cfm that you define your session, e.g. how long it should exist before it expires if there is no activity, which page to take people to if they need to log in, which page to go to if the password is wrong, and logging them in if the username and password are correct.

    Also note that you may need to encrypt and decrypt the password; it is not advised to use plain text to store emails and passwords on DBs.

    You might also consider upgrading CF.
    n_kips Junior Member
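
An added example, not part of any post in this thread: an Application.cfm for the restricted directory that refuses any request whose IIS-authenticated account is not on a per-directory allowlist, which is the per-user check the thread reports is not being enforced for .cfm files. The application name, log file name and account names are hypothetical, and it assumes IIS passes the authenticated account name to ColdFusion in CGI.AUTH_USER.

```cfml
<!--- Application.cfm, placed in the directory to be restricted.
      ColdFusion runs it before every .cfm request in this directory
      and its subdirectories. Added example; all names are hypothetical. --->
<cfapplication name="restrictedDirExample"
               sessionmanagement="yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 20, 0)#">

<!--- Hypothetical allowlist for this directory. List each account in
      every form the web server may report it: integrated authentication
      normally reports DOMAIN\user, while Basic authentication reports
      the name as the user typed it. --->
<cfset allowedUsers = "SERVER01\reports_user,SERVER01\site_admin">

<!--- Assumption: the web server has already authenticated the request
      and exposes the account name in CGI.AUTH_USER. An empty value
      means the request arrived unauthenticated (anonymous access on). --->
<cfset authUser = Trim(cgi.auth_user)>

<cfif Len(authUser) EQ 0 OR ListFindNoCase(allowedUsers, authUser) EQ 0>
    <!--- Record the refusal so repeated attempts show up in the CF logs. --->
    <cflog file="restrictedDirExample" type="warning"
           text="Denied #cgi.script_name# for user '#authUser#' from #cgi.remote_addr#">
    <cfheader statuscode="403" statustext="Forbidden">
    <cfoutput>Access denied.</cfoutput>
    <!--- Stop here: the requested template must never execute. --->
    <cfabort>
</cfif>

<!--- Allowed accounts fall through and the requested page runs.
      Remember who was authorised for the life of the session. --->
<cfset session.authorizedUser = authUser>
```

This only covers requests that ColdFusion processes; static files in the same directory are still governed by the IIS and NTFS permissions described in the first post.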
