Each application or site if you will, has its' own unique requirements in
terms of security. I can give you a generic example of how I handle it when
I have users, roles, and permissions.
I assign users to roles which come with "n" number of permissions by
default. I also assign "floating" permissions (those not designated to a
role) to a user as well. I then protect areas within my application by
checking roles and/or permissions. With MX 6.1 this is not that difficult at
all. Using the CFLOGIN features along with some home-grown ways of storing
permissions is definitely one route, and the route I have been using for
awhile.
You can go really crazy in terms of structuring permissions, depending again
on your needs. I tend to structure for the most complex of situations and
then the functionality can be had if and when it may be needed. That being
said, I tend to setup permission hierarchies... following the nested set
model of storage. If you are interested, google "Joe Celko nested sets" and
read up a little.. it is definitely some powerful SQL and code.
Other than that, there are a many many more ways to implement security. Do
you have something specific in mind?
Fusebox 3 eh? Move to FB 4 if you can, security then becomes even easier to
implement on many levels!
HTWI,
Mike
-----Original Message-----
From: Robert Everland III [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 8:35 AM
To: CF-Talk
Subject: How do you do security
I have been given the task of taking out current website from using
integrated windows security with permissions on everything and moving it to
coldfusion. So how do you do security? Has anyone else been given this
chore? Have you found an easy way to implement this? I am coding using
Fusebox 3 just in case anyone needed to know. Thanks for any help.
_____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
