Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security Framework 1

Status
Not open for further replies.

tlieu

IS-IT--Management
Jan 13, 2002
15
US
For future reference, I was wondering...

Given Example:
Site that allows workers to hook up with employers
-workers fill out resumes
-employers can browse resumes
-administrators can edit worker/employer account settings

Question:
What is the best way to structure the directories and tables to keep one group from getting access to anther groups files? I was thinking of three folders, one for each group, then a check_login.cfm include that is specific for each group. I would have 3 different db's just for safety's sake as well as to house dif info for each group...ie the workers would have their resume info, employers would have their account info, etc.

I was curious what others have done to maintain internal security between the different groups that have access to a site.
 
But what if the visitors decided to use a snooper app and see my application. Assuming they then register as a worker, they could be "logged in" and then jump to say, the administrator directory and open up whe pages there...
 
But what if the visitors decided to use a snooper app and see my application. Assuming they then register as a worker, they could be "logged in" and then jump to say, the administrator directory and open up whe pages there...
 
in each of your three folders have an application.cfm

in each of these have

<cfif not ISDEFINED(&quot;Session.UserID&quot;)>
<cflocation url=&quot;thisareasloginpage&quot;>
</cfif>
make sure the login page is outside the scope of the application files. i.e. in the directory above.

after this if have
<cfif Session.Area IS NOT &quot;Employers&quot;>
<cflocation url=&quot;thisareasloginpage&quot;>
</cfif>

in each login page set the appropriate session variables
if they login correctly.

The real issue is stoping people registering as employers
when they aren't. Thats if your using online registration for employers.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top