Why would you avoid wddx (or another XML) or a database? We created an elaborate 
security based on SQL. If you use SQL and a security structure you can cache session 
security checks and only hit the database for issues that have not been checked. You 
could also check every time if you do not want to use session permissions caching. We 
found the SQL Server bitwise logic made security and permissions checking very fast. 
We had the system running with MS Access also... but had to run more of the logic CF 
sided. It seems Access is missing more than enterprise scalability when it comes to 
SQL command sets. It may also be ODBC... not sure... just know we had to develop a 
tag we called authorize me to handle the interaction.

We secured the system on the following basis...
1. Groups connected to applications (The applications had extended permissions 
settings for fuseactions... i.e. an article editor would require edit permissions to 
edit an existing article. So, if you had an application called content and an action 
called editarticle, the connection to the group would be to the content group, and the 
special permission would be an edit permission.)
2. The groups are "roles" which allows you to create roles like administrator, editor, 
moderator and other roles for your web site/application. Then you assign people to 
roles. You modify roles and your permissions model is much more thinkable.
3. We built an administration interface... to have deep permissions you need an editing 
interface. This made management simple without sacrificing features.
4. The permissions were extended in a bitwise fashion. This allowed us to check user 
permission against permission requirements very fast.
5. The mid table connecting the user to the group had an application permission field 
to extend the rights of individual users for that application without the need of 
creating individual groups for individual permission extensions.

We are converting this to fusebox 3... and think it would be an excellent addition to 
the growing collection of "FuseBox Modules".

John Farrar
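
The bitwise role check and session caching described in the message above, as an added example that is not part of the original post or its system. The table names, column names and permission bits are assumptions, the per-user extension is scoped to one application through an assumed `app` column on the mid table, and SQLite from Python stands in for SQL Server.

```python
import sqlite3

# Assumed bit assignments; the post does not list its actual flags.
VIEW, EDIT, DELETE, PUBLISH = 1, 2, 4, 8

SCHEMA = """
CREATE TABLE group_app  (group_id TEXT, app TEXT, perms INTEGER);
CREATE TABLE user_group (user_id TEXT, group_id TEXT, app TEXT,
                         app_perms INTEGER DEFAULT 0);
"""

# Constructed sample data: roles connected to applications, users assigned to roles.
GROUP_APP = [("editor", "content", VIEW | EDIT),
             ("moderator", "content", VIEW | DELETE),
             ("editor", "forum", VIEW)]
USER_GROUP = [("alice", "editor", "content", 0),
              ("alice", "editor", "forum", 0),
              ("bob", "editor", "content", PUBLISH),   # per-user extension
              ("carol", "moderator", "content", 0)]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO group_app VALUES (?,?,?)", GROUP_APP)
    db.executemany("INSERT INTO user_group VALUES (?,?,?,?)", USER_GROUP)
    return db

def effective_perms(db, user, app):
    """OR together role permissions and per-user extensions for one application."""
    rows = db.execute(
        "SELECT ga.perms | ug.app_perms FROM user_group ug "
        "JOIN group_app ga ON ga.group_id = ug.group_id AND ga.app = ug.app "
        "WHERE ug.user_id = ? AND ug.app = ?", (user, app))
    mask = 0
    for (bits,) in rows:      # a user with no matching role keeps mask 0
        mask |= bits
    return mask

def authorize(db, session_cache, user, app, required):
    """Allow only if every required bit is set; cache the mask per (user, app)."""
    key = (user, app)
    if key not in session_cache:   # hit the database only for unchecked pairs
        session_cache[key] = effective_perms(db, user, app)
    return (session_cache[key] & required) == required
```

A cached mask goes stale when a role or membership is edited, so the session cache entry has to be dropped on any such change or the old rights stay in effect until the session ends.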
