Hey, and welcome to fusebox. I'm gonna be selective and answer a few of your questions - never know, I might get carried away and answer them all.

Personally I use #fusebox.rootpath# whenever I call cfsecure, it's just a whole lot easier than having to work out the ../../ notation to get back up to the app root, especially when you're a few circuits down. Of course, if you have access to the custom tags directory of the CF server you could just dump a copy in there and call it via <cf_secure.....>

As for Hal's proposal becoming part of the fusebox spec, it could happen but I think it's more likely to become a 'best practices' - I know he's got something new up his sleeve at the moment. Since everyone has their own standpoint on security, coming up with a 'standard fusebox' methodology would be a huge challenge.

And yes, apart from hard coding your userpermissions, looks like you're on the right lines.

There ya go, I answered all your questions,

Jb.

>
> 2) Must I use Fusebox's API's rootPath variable like I did in order to
> refer to the secure.cfm file or should it be done in another way?
>
> 3) What are the chances of Hal Helms' proposal becoming part of the
> Fusebox specification and when would that happen?

> -----Original Message-----
> From: Ney André de Mello Zunino [mailto:[EMAIL PROTECTED]]
> Sent: 29 May 2002 14:23
> To: Fusebox mailing list
> Subject: Secure.cfm
>
> Hello.
>
> This is my first post to this mailing list, so, before anything else, I
> would like to say hi to the fellow Fuseboxers. I am just a newbie who is
> interested in the methodology and who has been trying to get a hold of
> its concepts for the last 3 days. So far, I think I have made
> significant progress and am very happy with what I have learned.
>
> To solidify my understanding, I have built a very simple application
> with a basic authentication scheme and some dummy pages. What I am
> trying to do now is add security control to it. I have found out about
> the proposed security model [1] on Hal Helms' website and applied it to my
> simple application. It works, but I have some questions.
> Here is a code snippet from a circuit's FBX_Switch.cfm file, where I use
> the tag:
>
> <cfmodule template="#fusebox.rootPath#secure.cfm"
>           userPermissions="3"
>           requiredPermission="1"
>           model="bit">
> <cfif variables.isPermitted>
>     <cfinclude template="dspHomePage.cfm">
> <cfelse>
>     <cflocation url="#self#?fuseaction=authentication.login">
> </cfif>
>
> Questions:
>
> 1) Despite the fact that I am hardcoding the user permissions, is my
> usage correct?
>
> 2) Must I use Fusebox's API's rootPath variable like I did in order to
> refer to the secure.cfm file or should it be done in another way?
>
> 3) What are the chances of Hal Helms' proposal becoming part of the
> Fusebox specification and when would that happen?
>
> Thank you,
>
> --
> Ney André de Mello Zunino
> Media and Technology Laboratory
> Campus Computing Centre
> United Nations University
>
> [1] http://halhelms.com/writings/ProposedSecurityModel.pdf
