Hi Dave, In terms of security, my opinion is that your concern should be with how the data is protected rather than the profiles a person can have. I was responsible for the architecture of a major real estate application and we implemented it in a similar way that you mentioned. Each user had "profiles" which each one representing either property, sale, or rental. Each type of profile had their own table, with a one-to-many relationship from the user.
Hope this helps, Richard On Sun, Jul 12, 2009 at 4:27 PM, Dave Maharaj :: WidePixels.com < [email protected]> wrote: > What would be the security holes to watch for in a situation like this > > Everyone who registers is a user > > User is then broken up into one of 2 groups depending on what role they > select (think of a real estate site where you maybe looking for a home or > selling so your either a buyer or seller) > > There is nothing to really prevent a user from signing up as each as each > side of the site is specific for the role they select and no interaction > between the 2 really but once you logged in you cant not access the > registration form again so sure you can logout and register again but get a > new user id so i really do not see any security issues with the idea..... > > But the user hasOne sellerProfile > and user hasOne buyerProfile seems to worry me somewhat because the user > can only have 1 or the other and not both. I split the profiles simply > because the information is so different for each side. > > Are there issues with this approach? > > Dave > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
