Why would you avoid WDDX (or another XML) or a database? We created an elaborate security based on SQL. If you use SQL and a security structure you can cache session security checks and only hit the database for issues that have not been checked. You could also check every time if you do not want to use session permissions caching. We found the SQL Server bitwise logic made security and permissions checking very fast. We had the system running with MS Access also... but had to run more of the logic CF sided. It seems Access is missing more than enterprise scalability when it comes to SQL command sets. It may also be ODBC... not sure... just know we had to develop a tag we called authorize me to handle the interaction.
We secured the system on the following basis...

1. Groups connected to applications. (The applications had extended permissions settings for fuseactions... i.e. an article editor would require edit permissions to edit an existing article. So, if you had an application called content and an action called editarticle, the connection to the group would be to the content group, and the special permission would be an edit permission.)
2. The groups are "roles", which allows you to create roles like administrator, editor, moderator and other roles for your web site/application. Then you assign people to roles. You modify roles and your permissions model is much more thinkable.
3. We built an administration interface... to have deep permissions you need an editing interface. This made management simple without sacrificing features.
4. The permissions were extended in a bitwise fashion. This allowed us to check user permission against permission requirements very fast.
5. The mid table connecting the user to the group had an application permission field to extend the rights of individual users for that application without the need of creating individual groups for individual permission extensions.

We are converting this to Fusebox 3... and think it would be an excellent addition to the growing collection of "FuseBox Modules".

John Farrar
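The model in the message above (groups tied to applications, bitwise permissions, a per-user extension on the mid table, session caching), sketched as an added example that is not code from the original post. Table names, column names, bit values and the `deletearticle` action are assumptions, and SQLite stands in for SQL Server.

```python
import sqlite3

# Permission bits (constructed for this example).
VIEW, EDIT, DELETE = 1, 2, 4

SCHEMA = """
CREATE TABLE group_app  (group_id INTEGER, app TEXT, perms INTEGER);
CREATE TABLE user_group (user_id INTEGER, group_id INTEGER,
                         extra_perms INTEGER DEFAULT 0);
-- Group 1 = editor role, group 2 = reader role, both on the 'content' app.
INSERT INTO group_app  VALUES (1, 'content', 3), (2, 'content', 1);
-- User 10: editor. User 20: reader with an individual EDIT extension.
-- User 30: plain reader.
INSERT INTO user_group VALUES (10, 1, 0), (20, 2, 2), (30, 2, 0);
"""

# Bits each fuseaction requires (hypothetical mapping).
REQUIRED = {("content", "editarticle"): VIEW | EDIT,
            ("content", "deletearticle"): VIEW | DELETE}

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def effective_mask(db, user_id, app):
    """OR the group mask with the per-user extension, across all memberships."""
    rows = db.execute(
        "SELECT ga.perms | ug.extra_perms FROM user_group ug "
        "JOIN group_app ga ON ga.group_id = ug.group_id "
        "WHERE ug.user_id = ? AND ga.app = ?", (user_id, app))
    mask = 0
    for (m,) in rows:
        mask |= m
    return mask

def authorize(db, session, user_id, app, action):
    """Deny unknown actions; query the database only on a session cache miss."""
    required = REQUIRED.get((app, action))
    if required is None:
        return False  # default deny for actions with no declared requirement
    cache = session.setdefault("perm_cache", {})
    if app not in cache:
        cache[app] = effective_mask(db, user_id, app)
    # Every required bit must be present in the effective mask.
    return (cache[app] & required) == required
```

A cached mask stays in force until the session entry is cleared, so a role change made in the database only takes effect for sessions that have not yet cached that application.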
