Hey Jochem,

Really appreciate your thoughts on this...

Suppose you do want all of your students to be able to experiment with
CFML.  You want them to learn about SQL perhaps within the confines of
QoQ.  But you know they come and go every year and aren't around long
enough to learn advanced best practices.  So you do things like enforce
strict tag attributes and have CFAdmin check all locks.

But they're not really ready to write complex stored procedures and
outer joins with nested selects or something.  So, you package these in
custom tags and disable their CFQUERY to prevent them from even trying
it.

CFML is so wonderful because it is so easy to pick up.  But it is
powerful and as the language evolves, it might be helpful to make the
security framework even more flexible to allow a campus ISP to perhaps
host "tiered" contribution groups.  ("If you hang my server, you get
bumped down to the novice group where you can only call custom tags...")

Am trying to think of better examples.  Again, thanks.





-----Original Message-----
From: Jochem van Dieten [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 04, 2003 4:37 AM
To: CF-Talk
Subject: Re: An ISP's Dream: Extensions in one sandbox, client code in another

Blum, Jason (SAA) wrote:
> 
> Yes, the CFEXECUTE was a bad example.  Suppose instead you hosted all
> a University's various colleges' websites on one server.

Make that fraternities and student societies and I do :-)


> None of them had
> particularly good developers and instead of teaching them all SQL and
> relational database theory

You would be surprised how little CS students know about 
databases. I much prefer EE students as webmaster :-)


> you just gave them backend logins to a CMS
> which you then queried on the front end.  You even packaged that query
> in a custom tag or component.  It's all working so well that you now
> want to discourage new grad students from even trying their own sql
> queries in their code, but instead to tie only into your custom tag.

And this is the part that would not work (at least for us). The 
thing is that they all have different needs and they all want to 
integrate with different backend systems. The rowing society 
wants to tie his user db into a reservation system for the boats. 
Fraternities want to tie it into a database for bookkeeping the 
beer. Student houses want to tie it into a system to keep track 
of who will attend dinner.

And they are students, so they want to do it the hard way no 
matter how easy you make it.


> How do you keep the calling templates' sandbox restrictions from
> extending to their use of your custom tag?

You don't. Not in the way CF works (but I think it is a Java 
thing so you might have more luck with C customtags).

But in your scenario, why not just install PHPNuke for them and 
give them the admin password of that? If you don't want them to 
write code, why not go the whole way and write a content 
management system and let them use that, don't even give them FTP 
access to a server.

Jochem


