RE: Question about my security system

2005-09-08 Thread Jim Davis
> -Original Message- > From: Mike Soultanian [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 08, 2005 1:36 PM > To: CF-Talk > Subject: Re: Question about my security system > > Blank initialized system - Permission database is currently empty (no > permission

Re: Question about my security system

2005-09-08 Thread Mike Soultanian
Ok Jim, I think I found the last area where we're getting mixed up. However, I think I understand where you're coming from (and see some of the advantages that you have suggested). My proposed idea below is still storing the file information, but I'm using your filename-permission idea. Check th

RE: Question about my security system

2005-09-07 Thread Jim Davis
> -Original Message- > From: Mike Soultanian [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 08, 2005 12:05 AM > To: CF-Talk > Subject: Re: Question about my security system > > > I see the point but I'm not sure if I agree with the implementation.

Re: Question about my security system

2005-09-07 Thread Mike Soultanian
Dave Watts wrote: >>As of now, I know of no other way to uniquely identify other >>than giving it a unique identifier. > > > The file name and path is, by definition, unique within a filesystem. Why > not just use that? CF itself uses this mechanism to track which files have > been compiled, for

RE: Question about my security system

2005-09-07 Thread Dave Watts
> As of now, I know of no other way to uniquely identify other > than giving it a unique identifier. The file name and path is, by definition, unique within a filesystem. Why not just use that? CF itself uses this mechanism to track which files have been compiled, for example. Dave Watts, CTO, F

Re: Question about my security system

2005-09-07 Thread Mike Soultanian
> I see the point but I'm not sure if I agree with the implementation. > > What you're talking about here is metadata: information about the file. By > putting all of this in the data base you're adding a level of complexity > that I just wouldn't be comfortable with. Well, it adds flexibility

RE: Question about my security system

2005-09-05 Thread Jim Davis
> -Original Message- > From: S. Isaac Dealey [mailto:[EMAIL PROTECTED] > Sent: Monday, September 05, 2005 5:35 PM > To: CF-Talk > Subject: RE: Question about my security system > > Here's the functional difference: > > I've provided an application t

RE: Question about my security system

2005-09-05 Thread Jim Davis
> -Original Message- > From: Mike Soultanian [mailto:[EMAIL PROTECTED] > Sent: Monday, September 05, 2005 5:15 PM > To: CF-Talk > Subject: Re: Question about my security system > > Users are then assigned into each of those groups utilizing a > many-to-many r

RE: Question about my security system

2005-09-05 Thread S . Isaac Dealey
>> -Original Message- >> From: S. Isaac Dealey [mailto:[EMAIL PROTECTED] >> Sent: Monday, September 05, 2005 11:30 AM >> To: CF-Talk >> Subject: RE: Question about my security system >> >> >> I'm sure that's how entitlements are d

Re: Question about my security system

2005-09-05 Thread Mike Soultanian
>>template and then let the template know whether or not it can go ahead >>and perform the requested entitlement. > > > I think this is where I'm losing you. I see no difference between "groups" > and "tasks" in this. Ok, I think I figured out where we're getting mixed up. I come from Windows

RE: Question about my security system

2005-09-05 Thread Jim Davis
> -Original Message- > From: S. Isaac Dealey [mailto:[EMAIL PROTECTED] > Sent: Monday, September 05, 2005 11:30 AM > To: CF-Talk > Subject: RE: Question about my security system > > >> I'm sure that's how entitlements are differentiated in > >

RE: Question about my security system

2005-09-05 Thread S . Isaac Dealey
>> -Original Message- >> From: S. Isaac Dealey [mailto:[EMAIL PROTECTED] >> Sent: Sunday, September 04, 2005 4:25 PM >> To: CF-Talk >> Subject: Re: Question about my security system >> >> > Here's the problem - what if there is a template

RE: Question about my security system

2005-09-04 Thread Jim Davis
> -Original Message- > From: S. Isaac Dealey [mailto:[EMAIL PROTECTED] > Sent: Sunday, September 04, 2005 4:25 PM > To: CF-Talk > Subject: Re: Question about my security system > > > Here's the problem - what if there is a template called > > users.cf

RE: Question about my security system

2005-09-04 Thread Jim Davis
> -Original Message- > From: Mike Soultanian [mailto:[EMAIL PROTECTED] > Sent: Sunday, September 04, 2005 3:24 PM > To: CF-Talk > Subject: Re: Question about my security system > > That's assuming that you have a defined set of entitlements. So, let's > s

Re: Question about my security system

2005-09-04 Thread S . Isaac Dealey
> Here's the problem - what if there is a template called > users.cfm for modifying user accounts. Now that user > will also have edit, delete, post, and read access > unless you differentiate the entitlement sets like: > messageedit, message_delete, message_post, message_read, > user_delete, user

Re: Question about my security system

2005-09-04 Thread Mike Soultanian
Jim Davis wrote: > retrieve userlevel > > if userlevel=admin >Entitlements = delete, edit, post, read > It's still the template that's protecting itself, not the security system > enforcing rules over the template. Ok, your version is a much cleaner example of the standard security system t

RE: Question about my security system

2005-09-04 Thread Jim Davis
> -Original Message- > From: Mike Soultanian [mailto:[EMAIL PROTECTED] > Sent: Sunday, September 04, 2005 3:50 AM > To: CF-Talk > Subject: Re: Question about my security system > > Sorry, > Now, the standard setup that I've seen goes as following: Most >

Re: Question about my security system

2005-09-04 Thread S . Isaac Dealey
> Sorry, > I don't think I did the best job explaining it. > My approach is definitely not the standard setup. > The key here is abstraction; abstracting any group > membership checks from templates. I'll try and > lay it out a bit more simply: Hey Mike, you might have a look at the onTap framewor

RE: Question about my security system

2005-09-04 Thread S . Isaac Dealey
>> Also, why wouldn't you trust the web server from >> providing the correct file name to the CF server? > It's not that I don't trust it... it's just that I don't > trust it. ;^) > If your security system is based on this information > then you really want as little dependency as possible. >

Re: Question about my security system

2005-09-04 Thread Mike Soultanian
Sorry, I don't think I did the best job explaining it. My approach is definitely not the standard setup. The key here is abstraction; abstracting any group membership checks from templates. I'll try and lay it out a bit more simply: Now, let's say you have one single template called message.

RE: Question about my security system

2005-09-03 Thread Jim Davis
> -Original Message- > From: Mike Soultanian [mailto:[EMAIL PROTECTED] > Sent: Sunday, September 04, 2005 1:27 AM > To: CF-Talk > Subject: Re: Question about my security system > > Jim Davis wrote: > > It seems like it might be overkill to tag every single page

Re: Question about my security system

2005-09-03 Thread Mike Soultanian
Jim Davis wrote: > It seems like it might be overkill to tag every single page (since then you > would have to provide permissions to every single page). Are your needs > really so complex that they can't be managed with groups? Well, I need the application to know what file is what because it is

Re: Question about my security system

2005-09-03 Thread Mike Soultanian
Bobby Hartsfield wrote: > Being able to move and/or rename the templates and still have the > system keep track of them will most definitely prove to be tough if > everything else is important to you. Here's my plan, the system will check to see if a file has an ID at the top of it. If i

RE: Question about my security system

2005-09-03 Thread Jim Davis
> -Original Message- > From: Mike Soultanian [mailto:[EMAIL PROTECTED] > Sent: Saturday, September 03, 2005 10:23 PM > To: CF-Talk > Subject: Question about my security system > > Like I mentioned in a previous post, I am creating a security system > that assigns each CF page its own uniq

RE: Question about my security system

2005-09-03 Thread Bobby Hartsfield
e.com usually the default document in a CF app would be index.cfm so cgi.script_name in this case would be "index.cfm" -Original Message- From: Mike Soultanian [mailto:[EMAIL PROTECTED] Sent: Saturday, September 03, 2005 11:56 PM To: CF-Talk Subject: Re: Question about my secu

Re: Question about my security system

2005-09-03 Thread Mike Soultanian
Bobby Hartsfield wrote: > I haven't seen the previous thread you mentioned but the "easiest" way to > secure specific templates is to have them all located under a central > location like /secure or /administrative or whatever. > > In the top level of that directory put an Application.cfm that inc

RE: Question about my security system

2005-09-03 Thread Bobby Hartsfield
I haven't seen the previous thread you mentioned but the "easiest" way to secure specific templates is to have them all located under a central location like /secure or /administrative or whatever. In the top level of that directory put an Application.cfm that includes your "security script" so it