SoFunction
Updated on 2025-04-14

Coldfusion MX Skill Essence Collection (1) Page 3/5



Add security protection to the application
The enterprise version of ColdFusion has a built-in security architecture. However, if you cannot obtain the enterprise version of the ColdFusion server, or do not want to use the built-in security mechanism, you can build your own set of application security functions. Here are some practical ideas to get you started.

First, create a template that contains a user login form with two fields: UserName and Password. Please store this file as, and in the future, when the user has not been authenticated, the user will be directed to this login page.

In the ColdFusion environment, the relevant definitions and parameter settings of an application are recorded in this file, which makes it the best place for application-wide security code. Here we will use a session variable to record the user's authentication status (although you can also use a client variable to implement this instead).

<CFPARAM NAME="" DEFAULT="No"> 
Once we define this variable, we can check whether the user has passed the authentication:

<CFIF  IS "No"> 
Once we find that the user has not passed authentication, we check whether the request comes from the login form page, compare the account name and password the user entered against the stored values, and finally mark the user as authenticated. At any stage of this process, if the user is not authorized, we direct the user to the login form page and stop executing any subsequent code. See the following example program; its comments explain the purpose of each step.

<!--- If the user is from the login form page... --->
<CFIF ISDEFINED("") AND ISDEFINED("")>

    <!--- Use the user's name to look up the user's record in the database --->
    <CFQUERY NAME="CheckPassword" DATASOURCE="mydsn">
    SELECT UserName, Password
    FROM Users
    WHERE (UserName = '##')
    </CFQUERY>

    <!--- If the password is correct, the user is granted access to the application --->
    <CFIF  IS ##>

        <!--- Mark the user as authenticated --->
        <CFSET  = "Yes">

    <!--- If the password is incorrect, the login form is displayed again --->
    <CFELSE>

        <CFINCLUDE TEMPLATE="/mypath/">
        <CFABORT>

    </CFIF>

<!--- If the form variable is undefined, the user did not come from the login form page, so we display the login form. --->
<CFELSE>

    <CFINCLUDE TEMPLATE="/mypath/">
    <CFABORT>

</CFIF>

<!--- If the value of the variable is already YES, the user has passed authentication before. Skip the security check and continue executing the rest of the application. --->
</CFIF>

If you put the above program code in it, it can provide a basic security mechanism for your entire application.
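
A hardened variant of the login check above, as an added example that is not part of the original article. The names Session.Authenticated, Form.UserName, Form.Password, login.cfm, the application name "myapp" and the PasswordSalt / PasswordHash columns are assumptions, as is placing the code in Application.cfm, the template ColdFusion runs before every request. It binds the user name as a query parameter, refuses to compare anything unless exactly one row came back, and compares a derived password hash case-sensitively rather than a stored plain-text password.

```cfml
<!--- Added example. Assumed names: Session.Authenticated, Form.UserName,
      Form.Password, login.cfm, and Users columns PasswordSalt / PasswordHash. --->
<CFAPPLICATION NAME="myapp" SESSIONMANAGEMENT="Yes">
<CFPARAM NAME="Session.Authenticated" DEFAULT="No">

<CFIF Session.Authenticated IS "No">
    <CFSET LoginOK = false>

    <CFIF IsDefined("Form.UserName") AND IsDefined("Form.Password")
          AND Len(Form.UserName) AND Len(Form.Password)>

        <!--- Bind the user name as a parameter instead of pasting it into the SQL text --->
        <CFQUERY NAME="CheckPassword" DATASOURCE="mydsn">
            SELECT UserName, PasswordSalt, PasswordHash
            FROM Users
            WHERE UserName = <CFQUERYPARAM VALUE="#Form.UserName#" CFSQLTYPE="CF_SQL_VARCHAR">
        </CFQUERY>

        <!--- Require exactly one row: with zero rows the query columns read as
              empty strings, which must never be compared against user input --->
        <CFIF CheckPassword.RecordCount EQ 1>
            <!--- Derive the hash from the submitted password (ColdFusion 11 or later).
                  The iteration count is a constructed value; tune it for your hardware. --->
            <CFSET Candidate = GeneratePBKDF2Key("PBKDF2WithHmacSHA1", Form.Password,
                                                 CheckPassword.PasswordSalt, 600000, 160)>
            <!--- IS and EQ ignore case; Compare() is case-sensitive and returns 0 on a match --->
            <CFSET LoginOK = (Compare(Candidate, CheckPassword.PasswordHash) EQ 0)>
        </CFIF>
    </CFIF>

    <CFIF LoginOK>
        <!--- Issue a fresh session ID before marking the session as authenticated
              (ColdFusion 10 or later, ColdFusion-managed sessions) --->
        <CFSET SessionRotate()>
        <CFSET Session.Authenticated = "Yes">
    <CFELSE>
        <!--- Same response for unknown user, wrong password, or no form post --->
        <CFINCLUDE TEMPLATE="/mypath/login.cfm">
        <CFABORT>
    </CFIF>
</CFIF>
```

The stored PasswordHash must have been produced with the same algorithm, salt, iteration count and key size when the account was created.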