> -----Original Message-----
> From: Ryan Guill [mailto:[EMAIL PROTECTED]
> Sent: Friday, September 02, 2005 11:11 AM
> To: CF-Talk
> Subject: Re: COAL- the Coldfusion Open Application Library
>
> Alright, sounds good. So what type of security are we talking about?
> Things like authentication and login models? Or are we talking more
> like encryption?
>
> Sorry, but I haven't really had a chance to check out those libraries yet.
When I built my system I gave this a lot of thought. Here are the features that I've built that I think are important for such a system:

The DP Libraries system focuses on three fundamental aspects of a user in a security context:

1) Credential: This is the information the user needs to log in. Username/password, for example.
2) Entitlements: This is the information about what the user is able to do based on their credentials. This may include roles (like "editor", "Admin", etc.) or tasks (like "Add User", "Delete Article") or a combination of both.
3) Profile: This is non-security-related information about the user. Name, phone number, address, etc.

Each of these three concepts is represented by a CFC in the system. Although the system comes with these, it allows you to replace any of them with one of your own. For example, if the provided "Entitlement" CFC doesn't represent what you need you can build your own (or extend the provided one) and use that very easily.

These are then managed by collection CFCs called "mediators" - any request for this information comes through the mediator (so that any updates are immediately reflected in the system - none of this "changes will take effect next login" BS).

The system runs as a service - you start it up (it can live in either the Application or Server scopes) and access its services, but it provides no interface, no standard look, etc.

The system provides all persistence access via defined "broker" components (DAO CFCs). Providing support for a different persistence entity means writing a new set of brokers - no changes to the core system are required at all. (You might have a set of brokers which interact with Active Directory, or another that works with LDAP or any kind of database or flat file - the system doesn't care as long as the brokers return the data in the format expected.)
The system provides support for common security measures like "three strikes and you're out" login management and can enforce one active login per credential easily.

All told I'm very proud of it. ;^) What it still needs is lots of documentation. It also doesn't (yet) have many methods to manage user communities (you can do some things, but not others). But all of the basic infrastructure is there and open source - feel free to borrow or steal from it.

Jim Davis

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:217274
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
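The design Jim describes above (credential / entitlement / profile kept apart, a mediator that every request goes through, a swappable persistence broker, "three strikes" lockout and one active login per credential) as an added example. This is not DP Libraries code (that library is CFML); it is a language-neutral sketch in Python, and the class names, the three-failure threshold, the lockout window and the PBKDF2 parameters are assumptions, since the message gives none of them.

```python
"""Sketch of a credential/entitlement/profile split behind a mediator and a broker.
Example code, not the DP Libraries CFML. Thresholds below are assumptions."""
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass, field

MAX_FAILURES = 3         # assumed "three strikes" threshold
LOCKOUT_SECONDS = 900    # assumed lockout window
PBKDF2_ROUNDS = 50_000   # assumed; raise for production


@dataclass
class Credential:            # what the user needs to log in
    username: str
    salt: bytes
    pw_hash: bytes
    failures: int = 0
    locked_until: float = 0.0


@dataclass
class Entitlement:           # what the user may do: roles and/or tasks
    roles: set = field(default_factory=set)
    tasks: set = field(default_factory=set)


@dataclass
class Profile:               # non-security data, kept out of the auth path
    name: str = ""
    phone: str = ""


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class InMemoryBroker:
    """Persistence broker (DAO). An LDAP/AD/DB broker would expose the same methods."""
    def __init__(self):
        self.creds, self.ents, self.profiles = {}, {}, {}

    def add_user(self, username, password, roles=(), tasks=(), name=""):
        salt = os.urandom(16)
        self.creds[username] = Credential(username, salt, _hash(password, salt))
        self.ents[username] = Entitlement(set(roles), set(tasks))
        self.profiles[username] = Profile(name=name)

    def get_credential(self, username):
        return self.creds.get(username)

    def save_credential(self, cred):
        self.creds[cred.username] = cred

    def get_entitlement(self, username):
        return self.ents.get(username, Entitlement())


class SecurityMediator:
    """All credential and entitlement access goes through here; entitlements are
    read live from the broker, so a change takes effect without a new login."""
    def __init__(self, broker, clock=time.time):
        self.broker, self.clock = broker, clock
        self.sessions = {}   # token -> username
        self.active = {}     # username -> token (enforces one active login)

    def login(self, username, password):
        """Return a session token, or None on any failure (no reason leaked)."""
        cred = self.broker.get_credential(username)
        now = self.clock()
        if cred is None:
            _hash(password, b"\x00" * 16)   # same cost for unknown users
            return None
        if now < cred.locked_until:
            return None                     # locked: even a correct password fails
        if not hmac.compare_digest(_hash(password, cred.salt), cred.pw_hash):
            cred.failures += 1
            if cred.failures >= MAX_FAILURES:
                cred.locked_until = now + LOCKOUT_SECONDS
                cred.failures = 0
            self.broker.save_credential(cred)
            return None
        cred.failures = 0
        self.broker.save_credential(cred)
        old = self.active.pop(username, None)
        if old is not None:
            self.sessions.pop(old, None)    # new login evicts the previous session
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        self.active[username] = token
        return token

    def is_active(self, token):
        return token in self.sessions

    def can(self, token, task):
        user = self.sessions.get(token)
        if user is None:
            return False
        return task in self.broker.get_entitlement(user).tasks   # live read
```

The mediator takes an injectable clock so the lockout expiry can be tested without sleeping; `login` deliberately returns the same `None` for unknown user, wrong password and locked account, and spends the hashing cost on unknown users too, so a caller cannot enumerate accounts by response or timing.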

