This content has been marked as final. Show 4 replies
The difference? I'm trying to see a similarity.
> I am wondering what the difference between using CFLOGIN and a CFFORM for a login page? Is one better than the other?
One creates a front end user interface and the other causes back end
logic to be run if one there is no <cfloginuser...> in effect.
<cfform...> creates forms (html, dhtml or flash) with optional client
and|or server interaction for validation and other effects.
<cflogin...> is a specific purpose 'if' block. If a user is not logged
in with a <cfloginuser...> tag, run the code inside the <cflogin...>
block, otherwise skip it.
Other then that, they are very similar:-)
Is one more secure than than the other?
> Is one more secure than than the other?
Ummmm.... I supose so???? A <cflogin...> without a <cfform...> - or
some other method of user input - would be VERY secure because a user
will never be able to login!
They are completely different things, we are not even comparing apples
and oranges we are comparing apples and pulsars!
A <cfform...> is neither secure or insecure. It is simply one way to
make a user interface. What you do with the data provided by the
interface and how you protect yourself from malevolent input is what
will determine if an application is secure or not.
<cflogin...> is just a fancy "IF" statement. What you put inside that
if statement to evaluate the input provided by the user will determine
how secure the application is or is not.
In and of themselves neither provide any security nor do they create
security holes. They just are. It's what the developer puts inside
them that will determine how secure an application is.