Re: Another Dynamic Database Issue
You are correct, the Cake connection is controlled by the database.php settings, so it uses a particular user to connect to the database. I hadn't thought this through before, but by virtue of the fact that you would want to use the built-in database security, you'd need to come up with a way to have each session have a connection that was based on the particular user. Sounds like a fairly large amount of twisting of Cake to me. Traditional web services use a single user with access to appropriate tables, and handles data access separately. I believe it would be possible to utilize the in-built SQL authentication, but like I said it would be a fairly large number of hoops to jump through (like setting up a user who isn't a DBA to be able to query the security tables in order to validate if the user should be able to use things or not). Nothing like building the whole security layer all over again if you want a challenge ;-) On Dec 11, 8:32 am, bademan <[EMAIL PROTECTED]> wrote: > I smell security implications... maybe it is just the burrito. Since > these accounts are SQL system accounts, that would imply that to > connect to the server in the first place, I would need a SQL login > account that has high level security access. This would be a bad idea > because the username and password will be in the "database.php" > file... right? Again maybe I am looking at this the wrong way. > > My reasoning above stems from the fact that when a user log into the > system, they have to be validated somehow. Now I would like to use the > user's supplied username and password to connect to the MS SQL DB but > in conventional cases, one has to connect to the database with a > specific (static) username and password and then check to see if the > supplied login credentials validate against the users table. From what > I have see so far "Auth and Acl" work better with the later case. > > If my thinking is incorrect, then I need to go back to the manual > again otherwise I am still up in a bind... Thanks for you input guys. > > B.I. > > On Dec 11, 8:34 am, Rob <[EMAIL PROTECTED]> wrote: > > > As long as it is SQL server security, it is essentially a table, and > > you should be able to model that with Cake. You basically just need > > the model for your users data and point Auth at that model. > > > That said, I have never tried this with SQL express, so it might take > > a bit of playing to get it to work. > > > Ultimately to use Auth, you have to tell Cake about the tables to use > > for authentication, and I'm thinking there would be a fair amount of > > code you'd need to add to get it to work with a table that is storing > > data differently than the standard Auth expects (e.g. - hashed > > passwords for instance). > > > On Dec 10, 1:23 pm, bademan <[EMAIL PROTECTED]> wrote: > > > > After chasing my tail a bit, I think I failed to expalin my dilemma > > > better. The database in question is an MS SQL Express DB and the user > > > accounts are not necessarily stored in a table within the DB, they are > > > more like DB system accounts (i.e. stored in SQLSERVER//Security// > > > Logins). This is why I am still unsure that Auth and Acl might be able > > > to solve the issue. Can you let me know if my task is still possible > > > (i.e. given the original context). Thanks. > > > > B.I. > > > > On Dec 9, 3:32 pm, AD7six <[EMAIL PROTECTED]> wrote: > > > > > On Dec 9, 10:10 pm, WebbedIT <[EMAIL PROTECTED]> wrote: > > > > > > > I just use Auth and ACL for what you're talking about. > > > > > > As Rob states Auth and ACL should be the way to go, but a word of > > > > > warning! I for one have had problems employing Auth and ACL and > > > > > judging by the amount of blogs and tutorials on the subject so do many > > > > > others. > > > > > > I came across the following blog today (within this group) which looks > > > > > promising to as a reference for finally getting my head around Auth > > > > > and ACL. May be worth a look ;) > > > > > >http://www.ad7six.com/MiBlog/Authenticationhttp://www.ad7six.com/MiBl... > > > > > > Good luck! > > > > > Careful, like so many things out there those posts from my blog are > > > > old and (at least the technical details are) obsolete ;) that content > > > > predates 1.2 and the auth/acl components although the general concepts > > > > are of course still valid. > > > > > I'd recommend > > > > startinghttp://book.cakephp.org/view/641/Simple-Acl-controlled-Application > > > > on any acl/auth quest. and quite simply any auth solution that isn't > > > > based on the core auth component is imo not a best practice - the auth > > > > component get's imporved and is widely used (and phenomenally > > > > configurable) whereas other solutions are not or even if they are have > > > > a much smaller userbase. > > > > > AD > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, sen
Re: Another Dynamic Database Issue
I smell security implications... maybe it is just the burrito. Since these accounts are SQL system accounts, that would imply that to connect to the server in the first place, I would need a SQL login account that has high level security access. This would be a bad idea because the username and password will be in the "database.php" file... right? Again maybe I am looking at this the wrong way. My reasoning above stems from the fact that when a user log into the system, they have to be validated somehow. Now I would like to use the user's supplied username and password to connect to the MS SQL DB but in conventional cases, one has to connect to the database with a specific (static) username and password and then check to see if the supplied login credentials validate against the users table. From what I have see so far "Auth and Acl" work better with the later case. If my thinking is incorrect, then I need to go back to the manual again otherwise I am still up in a bind... Thanks for you input guys. B.I. On Dec 11, 8:34 am, Rob <[EMAIL PROTECTED]> wrote: > As long as it is SQL server security, it is essentially a table, and > you should be able to model that with Cake. You basically just need > the model for your users data and point Auth at that model. > > That said, I have never tried this with SQL express, so it might take > a bit of playing to get it to work. > > Ultimately to use Auth, you have to tell Cake about the tables to use > for authentication, and I'm thinking there would be a fair amount of > code you'd need to add to get it to work with a table that is storing > data differently than the standard Auth expects (e.g. - hashed > passwords for instance). > > On Dec 10, 1:23 pm, bademan <[EMAIL PROTECTED]> wrote: > > > After chasing my tail a bit, I think I failed to expalin my dilemma > > better. The database in question is an MS SQL Express DB and the user > > accounts are not necessarily stored in a table within the DB, they are > > more like DB system accounts (i.e. stored in SQLSERVER//Security// > > Logins). This is why I am still unsure that Auth and Acl might be able > > to solve the issue. Can you let me know if my task is still possible > > (i.e. given the original context). Thanks. > > > B.I. > > > On Dec 9, 3:32 pm, AD7six <[EMAIL PROTECTED]> wrote: > > > > On Dec 9, 10:10 pm, WebbedIT <[EMAIL PROTECTED]> wrote: > > > > > > I just use Auth and ACL for what you're talking about. > > > > > As Rob states Auth and ACL should be the way to go, but a word of > > > > warning! I for one have had problems employing Auth and ACL and > > > > judging by the amount of blogs and tutorials on the subject so do many > > > > others. > > > > > I came across the following blog today (within this group) which looks > > > > promising to as a reference for finally getting my head around Auth > > > > and ACL. May be worth a look ;) > > > > >http://www.ad7six.com/MiBlog/Authenticationhttp://www.ad7six.com/MiBl... > > > > > Good luck! > > > > Careful, like so many things out there those posts from my blog are > > > old and (at least the technical details are) obsolete ;) that content > > > predates 1.2 and the auth/acl components although the general concepts > > > are of course still valid. > > > > I'd recommend > > > startinghttp://book.cakephp.org/view/641/Simple-Acl-controlled-Application > > > on any acl/auth quest. and quite simply any auth solution that isn't > > > based on the core auth component is imo not a best practice - the auth > > > component get's imporved and is widely used (and phenomenally > > > configurable) whereas other solutions are not or even if they are have > > > a much smaller userbase. > > > > AD --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Another Dynamic Database Issue
As long as it is SQL server security, it is essentially a table, and you should be able to model that with Cake. You basically just need the model for your users data and point Auth at that model. That said, I have never tried this with SQL express, so it might take a bit of playing to get it to work. Ultimately to use Auth, you have to tell Cake about the tables to use for authentication, and I'm thinking there would be a fair amount of code you'd need to add to get it to work with a table that is storing data differently than the standard Auth expects (e.g. - hashed passwords for instance). On Dec 10, 1:23 pm, bademan <[EMAIL PROTECTED]> wrote: > After chasing my tail a bit, I think I failed to expalin my dilemma > better. The database in question is an MS SQL Express DB and the user > accounts are not necessarily stored in a table within the DB, they are > more like DB system accounts (i.e. stored in SQLSERVER//Security// > Logins). This is why I am still unsure that Auth and Acl might be able > to solve the issue. Can you let me know if my task is still possible > (i.e. given the original context). Thanks. > > B.I. > > On Dec 9, 3:32 pm, AD7six <[EMAIL PROTECTED]> wrote: > > > On Dec 9, 10:10 pm, WebbedIT <[EMAIL PROTECTED]> wrote: > > > > > I just use Auth and ACL for what you're talking about. > > > > As Rob states Auth and ACL should be the way to go, but a word of > > > warning! I for one have had problems employing Auth and ACL and > > > judging by the amount of blogs and tutorials on the subject so do many > > > others. > > > > I came across the following blog today (within this group) which looks > > > promising to as a reference for finally getting my head around Auth > > > and ACL. May be worth a look ;) > > > >http://www.ad7six.com/MiBlog/Authenticationhttp://www.ad7six.com/MiBl... > > > > Good luck! > > > Careful, like so many things out there those posts from my blog are > > old and (at least the technical details are) obsolete ;) that content > > predates 1.2 and the auth/acl components although the general concepts > > are of course still valid. > > > I'd recommend > > startinghttp://book.cakephp.org/view/641/Simple-Acl-controlled-Application > > on any acl/auth quest. and quite simply any auth solution that isn't > > based on the core auth component is imo not a best practice - the auth > > component get's imporved and is widely used (and phenomenally > > configurable) whereas other solutions are not or even if they are have > > a much smaller userbase. > > > AD > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Another Dynamic Database Issue
After chasing my tail a bit, I think I failed to expalin my dilemma better. The database in question is an MS SQL Express DB and the user accounts are not necessarily stored in a table within the DB, they are more like DB system accounts (i.e. stored in SQLSERVER//Security// Logins). This is why I am still unsure that Auth and Acl might be able to solve the issue. Can you let me know if my task is still possible (i.e. given the original context). Thanks. B.I. On Dec 9, 3:32 pm, AD7six <[EMAIL PROTECTED]> wrote: > On Dec 9, 10:10 pm, WebbedIT <[EMAIL PROTECTED]> wrote: > > > > I just use Auth and ACL for what you're talking about. > > > As Rob states Auth and ACL should be the way to go, but a word of > > warning! I for one have had problems employing Auth and ACL and > > judging by the amount of blogs and tutorials on the subject so do many > > others. > > > I came across the following blog today (within this group) which looks > > promising to as a reference for finally getting my head around Auth > > and ACL. May be worth a look ;) > > >http://www.ad7six.com/MiBlog/Authenticationhttp://www.ad7six.com/MiBl... > > > Good luck! > > Careful, like so many things out there those posts from my blog are > old and (at least the technical details are) obsolete ;) that content > predates 1.2 and the auth/acl components although the general concepts > are of course still valid. > > I'd recommend > startinghttp://book.cakephp.org/view/641/Simple-Acl-controlled-Application > on any acl/auth quest. and quite simply any auth solution that isn't > based on the core auth component is imo not a best practice - the auth > component get's imporved and is widely used (and phenomenally > configurable) whereas other solutions are not or even if they are have > a much smaller userbase. > > AD --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Another Dynamic Database Issue
> Careful, like so many things out there those posts from my blog are > old and (at least the technical details are) obsolete ;) that content > predates 1.2 and the auth/acl components although the general concepts > are of course still valid. Thanks for the heads up, any chance of an update to incorporate changes within 1.2? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Another Dynamic Database Issue
On Dec 9, 10:10 pm, WebbedIT <[EMAIL PROTECTED]> wrote: > > I just use Auth and ACL for what you're talking about. > > As Rob states Auth and ACL should be the way to go, but a word of > warning! I for one have had problems employing Auth and ACL and > judging by the amount of blogs and tutorials on the subject so do many > others. > > I came across the following blog today (within this group) which looks > promising to as a reference for finally getting my head around Auth > and ACL. May be worth a look ;) > > http://www.ad7six.com/MiBlog/Authenticationhttp://www.ad7six.com/MiBlog/Blogs/view/ACLPart1http://www.ad7six.com/MiBlog/AclPart2 > > Good luck! Careful, like so many things out there those posts from my blog are old and (at least the technical details are) obsolete ;) that content predates 1.2 and the auth/acl components although the general concepts are of course still valid. I'd recommend starting http://book.cakephp.org/view/641/Simple-Acl-controlled-Application on any acl/auth quest. and quite simply any auth solution that isn't based on the core auth component is imo not a best practice - the auth component get's imporved and is widely used (and phenomenally configurable) whereas other solutions are not or even if they are have a much smaller userbase. AD --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Another Dynamic Database Issue
> I just use Auth and ACL for what you're talking about. As Rob states Auth and ACL should be the way to go, but a word of warning! I for one have had problems employing Auth and ACL and judging by the amount of blogs and tutorials on the subject so do many others. I came across the following blog today (within this group) which looks promising to as a reference for finally getting my head around Auth and ACL. May be worth a look ;) http://www.ad7six.com/MiBlog/Authentication http://www.ad7six.com/MiBlog/Blogs/view/ACLPart1 http://www.ad7six.com/MiBlog/AclPart2 Good luck! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Another Dynamic Database Issue
I just use Auth and ACL for what you're talking about. That said, you said you already have access structured in the DB, so are you using a table in MS Access, users, or AD to control the database ACL? If you're using a table to control your user access, the Cake Auth and ACL are pretty cool. Doing something more complex isn't something I've done, but it should be possible with the same framework. On Dec 9, 9:21 am, bademan <[EMAIL PROTECTED]> wrote: > I am somewhat of a noob to cakePHP but I am pretty good at PHP > programming. I just started to work on a new project and because of > the scale, I decided to use CakePHP and I am still in the planning > stages. This is my main dilemma, users will need to log in so as to > gain access to the application. Also, when a user logs in, I would > like to use their username and password to authenticate them against > an MS SQL database. This database is structured in such a way that > user only have access to certain tables and views based on their log- > in credentials. > > So my question are... > > Is there a particular CakePHP User Authentication that is better > suited for this setup? I have been looking at obAuth and YACCA. > > Since the number of users will be dynamic, there is no point creating > a static number of DB connections settings in the database.php file. > Is my proposed setup even possible? and if it is how do I go about > implementing it? > > B.I. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Another Dynamic Database Issue
I am somewhat of a noob to cakePHP but I am pretty good at PHP programming. I just started to work on a new project and because of the scale, I decided to use CakePHP and I am still in the planning stages. This is my main dilemma, users will need to log in so as to gain access to the application. Also, when a user logs in, I would like to use their username and password to authenticate them against an MS SQL database. This database is structured in such a way that user only have access to certain tables and views based on their log- in credentials. So my question are... Is there a particular CakePHP User Authentication that is better suited for this setup? I have been looking at obAuth and YACCA. Since the number of users will be dynamic, there is no point creating a static number of DB connections settings in the database.php file. Is my proposed setup even possible? and if it is how do I go about implementing it? B.I. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---