4 Replies Latest reply on Sep 10, 2007 8:19 AM by Newsgroup_User

    CFLOGIN  VS CFFORM

    TheScarecrow Level 1
      I am wondering what the difference between using CFLOGIN and a CFFORM for a login page? Is one better than the other?
        • 1. Re: CFLOGIN  VS CFFORM
          Dan Bracuk Level 5
          The difference? I'm trying to see a similarity.
          • 2. Re: CFLOGIN  VS CFFORM
            Level 7
            TheScarecrow wrote:
            > I am wondering what the difference between using CFLOGIN and a CFFORM for a login page? Is one better than the other?

            One creates a front end user interface and the other causes back end
            logic to be run if one there is no <cfloginuser...> in effect.

            <cfform...> creates forms (html, dhtml or flash) with optional client
            and|or server interaction for validation and other effects.

            <cflogin...> is a specific purpose 'if' block. If a user is not logged
            in with a <cfloginuser...> tag, run the code inside the <cflogin...>
            block, otherwise skip it.

            Other then that, they are very similar:-)

            • 3. Re: CFLOGIN  VS CFFORM
              TheScarecrow Level 1
              Is one more secure than than the other?
              • 4. Re: CFLOGIN  VS CFFORM
                Level 7
                TheScarecrow wrote:
                > Is one more secure than than the other?

                Ummmm.... I supose so???? A <cflogin...> without a <cfform...> - or
                some other method of user input - would be VERY secure because a user
                will never be able to login!

                They are completely different things, we are not even comparing apples
                and oranges we are comparing apples and pulsars!

                A <cfform...> is neither secure or insecure. It is simply one way to
                make a user interface. What you do with the data provided by the
                interface and how you protect yourself from malevolent input is what
                will determine if an application is secure or not.

                <cflogin...> is just a fancy "IF" statement. What you put inside that
                if statement to evaluate the input provided by the user will determine
                how secure the application is or is not.

                In and of themselves neither provide any security nor do they create
                security holes. They just are. It's what the developer puts inside
                them that will determine how secure an application is.