Re: rdAuth? Users? ACL?
On May 11, 2006, at 6:21 PM, tom wrote:

> I'm trying it out right now, and so far...
> in the last code sample, $this->checkAccess(); should probably be
> $this->checkSession();

Good eye... good eye. Thanks!

-- John

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php
-~--~~~~--~~--~--~---
Re: rdAuth? Users? ACL?
You can also try this: http://othy.wordpress.com/2006/05/12/othauth-02-released/

tom wrote:
> Hi,
>
> I'm very experienced with PHP and somewhat experienced with CakePHP.
> I'm interested in building a simple app, but one of the things that I'm
> not sure how to do is user authentication. Is there a best practice for
> this? It seems like some people use rdAuth, which might be broken, and
> some use Access Control Manager, which is definitely broken, and some
> build their own with dbACL, but there's no documentation for that (or
> for the other two options.) Is there a good way to go about this?
>
> Thanks,
>
> Tom
Re: rdAuth? Users? ACL?
This rocks. I was just exploring this problem on Wednesday and lo and behold - there is now an answer. Thank you John, and thank you Cake for making the complex achievable.

John Anderson wrote:
> *throws confetti*
>
> http://manual.cakephp.org/chapter/19
>
> ;o)
>
> I was gonna wait till someone proofed it, but no one has bothered me
> about major problems with it.
>
> -- John
>
> On May 11, 2006, at 5:15 PM, calzone wrote:
>
> > You beat me to it!
> >
> > I was very excited to see this chapter in the manual magically appear.
> > I'm very grateful to see this addition and I think it will really help
> > a lot of us just getting started.
> >
> > So come on, where's the confetti guys? Jeesh, talk about a low key
> > announcement.
Re: rdAuth? Users? ACL?
Also, urls on the Manual page are changing... they should probably be static.
Re: rdAuth? Users? ACL?
I'm trying it out right now, and so far... in the last code sample, $this->checkAccess(); should probably be $this->checkSession(); Also, the login page is throwing an error because the variable 'error' is not defined, but this might be a PHP mode problem.
Re: rdAuth? Users? ACL?
*throws confetti*

http://manual.cakephp.org/chapter/19

;o)

I was gonna wait till someone proofed it, but no one has bothered me about major problems with it.

-- John

On May 11, 2006, at 5:15 PM, calzone wrote:

> You beat me to it!
>
> I was very excited to see this chapter in the manual magically appear.
> I'm very grateful to see this addition and I think it will really help
> a lot of us just getting started.
>
> So come on, where's the confetti guys? Jeesh, talk about a low key
> announcement.
Re: rdAuth? Users? ACL?
On May 11, 2006, at 5:11 PM, tom wrote:

> But they need to add at least something about hashing...

Yeah I wrote it yesterday because of everyone's comments. I hope it clears things up a bit. It's meant to be very simple - It isn't meant as a security article (I'm not going to mention hashes or the like, it's up to you folks to decide on those sorts of things): it's just meant to show you how you might slip your auth stuff into the way Cake works.

Send me notes on it if you find oddities or you have suggestions.

-- John
Re: rdAuth? Users? ACL?
You beat me to it! I was very excited to see this chapter in the manual magically appear. I'm very grateful to see this addition and I think it will really help a lot of us just getting started. So come on, where's the confetti guys? Jeesh, talk about a low key announcement.
Re: rdAuth? Users? ACL?
But they need to add at least something about hashing...
Re: rdAuth? Users? ACL?
It looks like they are at least starting to address this issue: http://manual.cakephp.org/chapter/19
Re: rdAuth? Users? ACL?
Maybe I'm not seeing the forest for the trees or some other weird metaphor like that. I guess I'm just not getting it.
Re: rdAuth? Users? ACL?
I don't know, but seems to me like you've just described Cake's ACL.

You can stick ACL checks wherever you want (AppController, Controller, Action, etc.).
You can have a million groups, or just a single "authenticated" group if you want to.
ACOs have action permissions default for CRUD operations.
Persistence is handled by sessions (on by default in Cake).
Authentication is your job, because this varies wildly.
SQL for the setup is distributed with Cake, along with a setup script.

-- J

On May 8, 2006, at 11:47 AM, calzone wrote:

> I think this is precisely the kind of thing that shouldn't change from
> app to app.
>
> Yes, you would want to configure things from app to app, but by and
> large, imho, an authentication system should be standardized as a best
> practices model that is available for a developer to leverage.
>
> The developer should be able to:
>
> 1) enable authentication across the whole app, just a directory, or on
> single views or models or controller methods (and able to exclude
> single pages from whole-app or directory based protection). A simple
> directive to turn it on at any given level would suffice, along with a
> directive to suppress it at any given level. Similarly, the ability to
> set an enforce ssl flag at the same varying levels would be good. There
> would be a default login view and model, but no default user or group
> admin.
>
> 2) not worry about groups unless up front... a default configuration
> assumes everyone is in one of two groups (authenticated or anonymous)
>
> 3) on a per-app, per-dir, per-view, per model (or within a model,
> per-field), per-controller method basis, define access level for each
> role or even a single user in terms of default read or hide (and for
> models and fields, create and edit).
>
> 4) on a per-app basis, set persistence, and whether ssl should be
> enforced on login, in an auth.conf file or something like that
> (encrypted cookie vs session vs non-persistent, cookie expiration date
> or session length).
>
> Whatever database tables are required for that would be part of a
> standard sql script distributed, after which the developer would simply
> edit the roles/groups table either directly in the db or by creating a
> page to do it.
Re: rdAuth? Users? ACL?
I think this is precisely the kind of thing that shouldn't change from app to app.

Yes, you would want to configure things from app to app, but by and large, imho, an authentication system should be standardized as a best practices model that is available for a developer to leverage.

The developer should be able to:

1) enable authentication across the whole app, just a directory, or on single views or models or controller methods (and able to exclude single pages from whole-app or directory based protection). A simple directive to turn it on at any given level would suffice, along with a directive to suppress it at any given level. Similarly, the ability to set an enforce ssl flag at the same varying levels would be good. There would be a default login view and model, but no default user or group admin.

2) not worry about groups unless up front... a default configuration assumes everyone is in one of two groups (authenticated or anonymous)

3) on a per-app, per-dir, per-view, per model (or within a model, per-field), per-controller method basis, define access level for each role or even a single user in terms of default read or hide (and for models and fields, create and edit).

4) on a per-app basis, set persistence, and whether ssl should be enforced on login, in an auth.conf file or something like that (encrypted cookie vs session vs non-persistent, cookie expiration date or session length).

Whatever database tables are required for that would be part of a standard sql script distributed, after which the developer would simply edit the roles/groups table either directly in the db or by creating a page to do it.
Re: rdAuth? Users? ACL?
On May 7, 2006, at 9:19 PM, tom wrote:

> My problem is that I see ACL as a somewhat useful solution, but that
> it's so abstract that it needs some kind of wrapper so that ACOs can be
> used as users (especially because it seems like there is absolutely no
> other way that they could be used).

This is actually by design. Rather than trying to store all your user information in the ACO table, you can use an ID to link it to actual user data. There's a bajillion ways people want to store their users, and by allowing people to link to them, you're able to get the best of both worlds.

The other reason is that ACOs are *not* always users in the system. An ACO might be an outside web service, a controller, a controller action. It's meant to be super flexible and powerful. As such, it takes a bit to get going. If you think a simple session and beforeFilter deal works for you, I'd go for it. ACL is not meant for super simple, it's meant for granular access and better role management. If you're not even using roles, I don't think I'd be using ACL at all.

> Otherwise, it seems like the way to
> use ACLs for authenticated users seems difficult enough that people
> just homebrew something or other.

Again, I'm pretty sure that's what it was designed for. I'm personally against Cake having a complete auth/persistence layer, because I think it changes so much from app to app. The places are available for people to hook things they like in, and by omitting a feature like this, the codebase stays lean and simple.

-- John
Re: rdAuth? Users? ACL?
My problem is that I see ACL as a somewhat useful solution, but that it's so abstract that it needs some kind of wrapper so that ACOs can be used as users (especially because it seems like there is absolutely no other way that they could be used). Otherwise, it seems like the way to use ACLs for authenticated users seems difficult enough that people just homebrew something or other.
Re: rdAuth? Users? ACL?
Tom,

I'm using beforeFilter in my app/app_controller.php to check for existence of a valid_login entry in my cake session. That valid_login entry gets set from my app/controllers/users_controller.

When a user tries to hit a protected section of my application (which is all parts of my app), app_controller's beforeFilter redirects them to /users/login unless that valid_login entry exists in my cake session.

This /users/login action is where I present a form requesting username and password, when there is no post data, or verify the posted username and password as valid.

I'm making use of http://www.openwall.com/phpass/ for password hashing.

Hope this helps,

Darian

tom wrote:
> Hi,
>
> I'm very experienced with PHP and somewhat experienced with CakePHP.
> I'm interested in building a simple app, but one of the things that I'm
> not sure how to do is user authentication. Is there a best practice for
> this? It seems like some people use rdAuth, which might be broken, and
> some use Access Control Manager, which is definitely broken, and some
> build their own with dbACL, but there's no documentation for that (or
> for the other two options.) Is there a good way to go about this?
>
> Thanks,
>
> Tom

-- Darian Anthony Patrick <[EMAIL PROTECTED]>
Re: rdAuth? Users? ACL?
In the past, I would roll my own authentication: Add a trap to the top of every page, check the cookies, authenticated? no? include login page, suppress remainder of page. User enters credentials, they get compared to the database, an encrypted cookie saying everything's hunky dory gets set, user level gets set, user gets to decide if cookie is temporary or with expiration date.

Well, aside from coding a page that does all this in cake, and then figuring out how to enforce it on every page, I'm not sure how to go about doing this manually in cake. But you know what? That's the whole point of using a framework, is to NOT have everyone out there trying homegrown authentication with all its inherent insecurity, inconsistency, and difficulty in scaling/managing.

A cake solution would include the ACL to basically provide the most robust, secure, and easy to maintain security. Users and groups? Permissions? Wow, those are all things I'd never have dreamed of micromanaging on a community website or corporate intranet in the past. But how sweet it would be to be able to do so easily and securely.
Re: rdAuth? Users? ACL?
Hey all,

I am working on the ACM project which is a visual interface to manage Cake's built in ACL. It can be found at http://cakeforge.org/projects/acm/ . There still may be some bugs on various installs and I have not had a chance to create any in depth docs for it, however, I will do what I can to help you get it up and running, also feel free to jump on IRC and Private Message me if I am not active in the room.

~rpeterson
Re: rdAuth? Users? ACL?
I haven't looked into the CakePHP ACL/Auth features very much yet (although it is next on my list, being new to CakePHP), but is it reasonable to assume that one could set up PEAR Auth as a CakePHP plugin?

Better yet, has someone already done this?

Thanks

On 5/7/06, John Anderson <[EMAIL PROTECTED]> wrote:
> On May 7, 2006, at 7:12 PM, tom wrote:
> >
> > Hi,
> >
> > I'm very experienced with PHP
>
> How did you normally set something like this up before you used Cake?
> It shouldn't be hard to adapt to the way Cake works:
>
> You have some sort of user-persistence (sessions, most often)
> You have some sort of authentication (which you just wrap in a Cake
> controller action)
> You have some way to check access (the beforeFilter in controllers is
> good for this).
>
> I think the main reason this sort of thread never gets answered is
> because the question asked is akin to "Please design me a system."
> You might get better results if you offer some ideas, or better yet,
> something you've tried and is or isn't working for you.
>
> > and somewhat experienced with CakePHP.
> > I'm interested in building a simple app, but one of the things that
> > I'm not sure how to do is user authentication. Is there a best practice
> > for this? It seems like some people use rdAuth, which might be broken, and
> > some use Access Control Manager, which is definitely broken, and some
> > build their own with dbACL, but there's no documentation for that (or
> > for the other two options.) Is there a good way to go about this?
>
> The documentation for ACL is in the manual:
> http://manual.cakephp.org/chapter/12
>
> -- John
Re: rdAuth? Users? ACL?
On May 7, 2006, at 7:12 PM, tom wrote:

> Hi,
>
> I'm very experienced with PHP

How did you normally set something like this up before you used Cake? It shouldn't be hard to adapt to the way Cake works:

You have some sort of user-persistence (sessions, most often)
You have some sort of authentication (which you just wrap in a Cake controller action)
You have some way to check access (the beforeFilter in controllers is good for this).

I think the main reason this sort of thread never gets answered is because the question asked is akin to "Please design me a system." You might get better results if you offer some ideas, or better yet, something you've tried and is or isn't working for you.

> and somewhat experienced with CakePHP.
> I'm interested in building a simple app, but one of the things that
> I'm not sure how to do is user authentication. Is there a best practice
> for this? It seems like some people use rdAuth, which might be broken, and
> some use Access Control Manager, which is definitely broken, and some
> build their own with dbACL, but there's no documentation for that (or
> for the other two options.) Is there a good way to go about this?

The documentation for ACL is in the manual:
http://manual.cakephp.org/chapter/12

-- John
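The three pieces John lists here (session persistence, a login action, an access check before each action), combined with the session-flag gate and hashed passwords Darian describes in his message above, as an added example that is not code from the thread or from CakePHP. It is plain PHP with hypothetical names (`before_filter`, `login`, `PUBLIC_ACTIONS`; the `valid_login` flag is borrowed from Darian's description), it models the session as an array so it runs from the command line, and it uses PHP's built-in `password_hash`/`password_verify` in place of phpass.

```php
<?php
// Added example: plain PHP, not CakePHP API. All names are hypothetical.

// Actions reachable without a login; everything else is denied by default.
const PUBLIC_ACTIONS = ['users/login'];

// Constructed sample user table: username => password hash.
function sample_users(): array
{
    return ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
}

// Access check, run before every action (the job beforeFilter does in the thread).
// Returns null when the request may proceed, or the path to redirect to.
function before_filter(array $session, string $action): ?string
{
    if (in_array($action, PUBLIC_ACTIONS, true)) {
        return null;
    }
    // Strict comparison: only a real boolean true set by login() counts.
    if (($session['valid_login'] ?? false) === true) {
        return null;
    }
    return '/users/login';
}

// Authentication, the body of the login action. Sets valid_login on success.
function login(array &$session, array $users, string $username, string $password): bool
{
    // Unknown users are checked against a throwaway hash so the response
    // time does not reveal which usernames exist.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);

    $known = array_key_exists($username, $users);
    $valid = password_verify($password, $known ? $users[$username] : $dummy);
    if (!($known && $valid)) {
        return false;
    }
    // With native PHP sessions, call session_regenerate_id(true) here so a
    // session id fixed before login is not carried into the authenticated state.
    $session = ['valid_login' => true, 'username' => $username];
    return true;
}

// Walk one visitor through the flow against the constructed data.
$users = sample_users();
$session = [];   // stands in for the persisted session

var_dump(before_filter($session, 'posts/edit'));      // anonymous, protected action
var_dump(before_filter($session, 'users/login'));     // anonymous, public action
var_dump(login($session, $users, 'alice', 'wrong'));  // bad password
var_dump(before_filter($session, 'posts/edit'));      // still anonymous
var_dump(login($session, $users, 'alice', 'correct horse battery staple'));
var_dump(before_filter($session, 'posts/edit'));      // authenticated
```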
Re: rdAuth? Users? ACL?
Looks like a standardized site-wide authentication system / user management is near the top of the list of enhancement requests. Are there any plans to introduce something like this in a release soon? If so, is there a spec or requirements doc available? I wish I could help, but my oop experience is lacking, although my php experience is fairly healthy. But if there's anything I can do to help out, I would be happy to. chris
rdAuth? Users? ACL?
Hi, I'm very experienced with PHP and somewhat experienced with CakePHP. I'm interested in building a simple app, but one of the things that I'm not sure how to do is user authentication. Is there a best practice for this? It seems like some people use rdAuth, which might be broken, and some use Access Control Manager, which is definitely broken, and some build their own with dbACL, but there's no documentation for that (or for the other two options.) Is there a good way to go about this? Thanks, Tom