You are correct, the Cake connection is controlled by the database.php settings, so it uses a particular user to connect to the database.
I hadn't thought this through before, but by virtue of the fact that you would want to use the built-in database security, you'd need to come up with a way to have each session have a connection that was based on the particular user. Sounds like a fairly large amount of twisting of Cake to me.

Traditional web services use a single user with access to appropriate tables, and handle data access separately.

I believe it would be possible to utilize the in-built SQL authentication, but like I said it would be a fairly large number of hoops to jump through (like setting up a user who isn't a DBA to be able to query the security tables in order to validate if the user should be able to use things or not).

Nothing like building the whole security layer all over again if you want a challenge ;-)

On Dec 11, 8:32 am, bademan <[EMAIL PROTECTED]> wrote:
> I smell security implications... maybe it is just the burrito. Since these accounts are SQL system accounts, that would imply that to connect to the server in the first place, I would need a SQL login account that has high level security access. This would be a bad idea because the username and password will be in the "database.php" file... right? Again maybe I am looking at this the wrong way.
>
> My reasoning above stems from the fact that when a user logs into the system, they have to be validated somehow. Now I would like to use the user's supplied username and password to connect to the MS SQL DB but in conventional cases, one has to connect to the database with a specific (static) username and password and then check to see if the supplied login credentials validate against the users table. From what I have seen so far "Auth and Acl" work better with the latter case.
>
> If my thinking is incorrect, then I need to go back to the manual again otherwise I am still up in a bind... Thanks for your input guys.
>
> B.I.
>
> On Dec 11, 8:34 am, Rob <[EMAIL PROTECTED]> wrote:
>
> > As long as it is SQL server security, it is essentially a table, and you should be able to model that with Cake. You basically just need the model for your users data and point Auth at that model.
> >
> > That said, I have never tried this with SQL express, so it might take a bit of playing to get it to work.
> >
> > Ultimately to use Auth, you have to tell Cake about the tables to use for authentication, and I'm thinking there would be a fair amount of code you'd need to add to get it to work with a table that is storing data differently than the standard Auth expects (e.g. - hashed passwords for instance).
> >
> > On Dec 10, 1:23 pm, bademan <[EMAIL PROTECTED]> wrote:
> >
> > > After chasing my tail a bit, I think I failed to explain my dilemma better. The database in question is an MS SQL Express DB and the user accounts are not necessarily stored in a table within the DB, they are more like DB system accounts (i.e. stored in SQLSERVER//Security//Logins). This is why I am still unsure that Auth and Acl might be able to solve the issue. Can you let me know if my task is still possible (i.e. given the original context). Thanks.
> > >
> > > B.I.
> > >
> > > On Dec 9, 3:32 pm, AD7six <[EMAIL PROTECTED]> wrote:
> > >
> > > > On Dec 9, 10:10 pm, WebbedIT <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > > I just use Auth and ACL for what you're talking about.
> > > > >
> > > > > As Rob states Auth and ACL should be the way to go, but a word of warning! I for one have had problems employing Auth and ACL and judging by the amount of blogs and tutorials on the subject so do many others.
> > > > >
> > > > > I came across the following blog today (within this group) which looks promising as a reference for finally getting my head around Auth and ACL.
> > > > > May be worth a look ;)
> > > > >
> > > > > http://www.ad7six.com/MiBlog/Authentication
> > > > > http://www.ad7six.com/MiBl...
> > > > >
> > > > > Good luck!
> > > >
> > > > Careful, like so many things out there those posts from my blog are old and (at least the technical details are) obsolete ;) that content predates 1.2 and the auth/acl components although the general concepts are of course still valid.
> > > >
> > > > I'd recommend starting http://book.cakephp.org/view/641/Simple-Acl-controlled-Application on any acl/auth quest. and quite simply any auth solution that isn't based on the core auth component is imo not a best practice - the auth component gets improved and is widely used (and phenomenally configurable) whereas other solutions are not or even if they are have a much smaller userbase.
> > > >
> > > > AD
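
Added example, not part of the original thread and not CakePHP's own code: a T-SQL sketch of the "single static user" arrangement discussed above, where the login stored in database.php is a low-privilege account rather than one with high-level access. The names `app_db`, `cake_app`, `dbo.users` and `dbo.posts` are hypothetical, and the ACL table names assume CakePHP's database-backed Acl schema.

```sql
-- Added example. app_db, cake_app, dbo.users and dbo.posts are hypothetical names.
-- Run once as an administrator (sqlcmd or SSMS; GO is their batch separator).
-- The administrator account itself never appears in database.php.

-- 1. A SQL login used only by the web application. No server roles are granted.
CREATE LOGIN cake_app
    WITH PASSWORD = N'<placeholder: replace with a long random value>',
         CHECK_POLICY = ON;
GO

USE app_db;
GO

-- 2. Map the login to a database user. It is not added to db_owner or any other role.
CREATE USER cake_app FOR LOGIN cake_app WITH DEFAULT_SCHEMA = dbo;
GO

-- 3. Grant only what the application's models need, table by table.
--    Auth reads (and the app maintains) the users table with hashed passwords.
GRANT SELECT, INSERT, UPDATE ON dbo.users TO cake_app;
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.posts TO cake_app;

--    Acl only needs to read its tables at request time (assumed table names).
GRANT SELECT ON dbo.acos      TO cake_app;
GRANT SELECT ON dbo.aros      TO cake_app;
GRANT SELECT ON dbo.aros_acos TO cake_app;
GO

-- 4. Review what the account can actually do before putting it in database.php.
--    Server level: the login must not be a member of sysadmin.
SELECT IS_SRVROLEMEMBER('sysadmin', 'cake_app') AS is_sysadmin;

--    Database level: list any roles the user has been added to.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = 'cake_app';

--    Effective permissions, evaluated as the application user itself.
EXECUTE AS USER = 'cake_app';
SELECT permission_name FROM fn_my_permissions(NULL, 'DATABASE');
SELECT permission_name FROM fn_my_permissions('dbo.users', 'OBJECT');
REVERT;
GO
```

With this in place the credentials held in database.php open only the listed tables, and end users are still validated by Auth against the users table rather than against SQL Server logins.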
