Coldfusion protect admin section questions


What is a good foolproof way to protect an admin section of a site, so that if someone is logged in with a standard user role they would be redirected back to the root? Would it be better to do that in Application.cfc or handle it on the individual pages?

1

There is 1 answer

3
Adrian J. Moreno On BEST ANSWER

The quick and dirty is that you should be using role based permissions. If you load the user's roles on login, you should be able to check if the user has a specific role before accessing various functionality throughout the application.

Let's say you have a basic app like this:

/Application.cfc - global settings
/index.cfm
/admin/Application.cfc - admin settings, extends the root Application.cfc
/admin/index.cfm

In the Application.cfc in the admin app folder, you can use onRequestStart to check for the admin role in the user's session object, then kick out (redirect) users that don't have that role. This would give you a single place to control access to all the code under the /admin/ folder.

The problem with this question is that there are so many ways to address this issue and without knowing how your application is set up, there's no way to know if this can be addressed in such a simple manner with your current implementation.
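An added example of the /admin/Application.cfc described in the answer above (this is illustration code, not the answerer's). It assumes the root Application.cfc enables session management and, on login, stores the user's roles as a comma-delimited list in `session.user.roles`; the `ApplicationProxy` parent is a one-line component at the web root (`component extends="Application" {}`) used because `extends="Application"` inside /admin would resolve to this same file.

```cfml
// /admin/Application.cfc (added example). Inherits settings from the root
// Application.cfc through the assumed /ApplicationProxy.cfc at the web root.
component extends="ApplicationProxy" {

    // Runs before every .cfm/.cfc request under /admin/. Returning false
    // stops the requested page from executing.
    public boolean function onRequestStart(required string targetPage) {
        // Let the root application do its own per-request work first.
        if (!super.onRequestStart(arguments.targetPage)) {
            return false;
        }

        // Deny by default: anyone without the admin role, including users
        // who are not logged in at all, is sent back to the site root.
        if (!hasRole("admin")) {
            // addToken=false keeps CFID/CFTOKEN out of the redirect URL.
            location(url="/", addToken=false);
            return false;
        }
        return true;
    }

    // Role check against the session object populated at login.
    // Assumed shape: session.user.roles = "user,admin" (comma-delimited).
    private boolean function hasRole(required string roleName) {
        if (!structKeyExists(session, "user")
            || !structKeyExists(session.user, "roles")) {
            return false;
        }
        return listFindNoCase(session.user.roles, arguments.roleName) > 0;
    }
}
```

Because the check lives in onRequestStart, every page added under /admin/ is covered without a per-page check; note that it only guards ColdFusion requests, so any static files in that folder need protecting at the web server instead.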