I long ago stopped using the traditional web site security model based on directory structure. I make use of request dispatchers that handle all requests and then dispatch the request to the correct handler. This allows among other things an easy way to handle security. Further, to speak directly to your question about LDAP; I do use it. Only my applications make use of JAAS for security, so they are decoupled from the actual implementation. Thus, one of my applications can run locally using a password database of my creation and use LDAP in production with only a simple configuration change at deployment; read no code changes.
-Matt On Wednesday, September 10, 2003, at 08:42 AM, Deanna Schneider wrote: >> Why not just run the server on your local machine for development? > Matt - this is what we're contemplating doing here. But, it brings up > other > issues - like how to handle directories that would be LDAP protected > on the > "live" (in our case development) server, where we rely on the > cgi.remote_user variable to determine who someone is. Do you use LDAP > to > protect directories? Does this mean all your developers run LDAP on > their > desktops so they can mimic what happens on the server? Or, do you > spoof code > on the local machines - something like: > <cfif NOT LEN(cgi.remote_user)> > <cfset loggedinuser = "somehardcodedvalue"> > <cfelse> > <cfset loggedinuser = cgi.remote_user> > </cfif> > > (I have no idea if it's even possible to run LDAP locally - let alone > being > able to replicate the data on the live server.) > > (I was trying to get at this and some other ideas with my development > environment thread, but it never got there....) > -Deanna > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com
