Neil, I wrote a <cflogin> based system a while back. The only weird thing I found with <cflogin>, at least in CF MX and MX 6.1 is that I had to have a lone <cflogin /> call at some point at the beginning of the request (like in onRequestStart or in Application.cfm) in order for any of the cflogin based functions to work properly (ie. getAuthUser(), isUserInRole(), etc.)
Other than that one quirk, I had 0 problems with it. Some other CF devs I've talked to don't like it, but I don't know of any major security issues it causes. I guess if you need something more complex than just assigning a user to roles, you might need to roll your own, but I would definitely use <cflogin> again. I even used the "roles" parameter in some of my CFC functions, and it worked great. If anyone does know of some drawbacks to using <cflogin>, other than needing a more complex system, I would certainly like to know what they are. I'd be happy to send you some code off list if you like. Just hit me up if you're interested. Thanks, Justin On 10/5/06, Robertson-Ravo, Neil (RX) <[EMAIL PROTECTED]> wrote: > > Does cflogin etc not cut the mustard? Does anyone use it? > > > > > > "This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant, > Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business, > Registered in England, Number 678540. It contains information which is > confidential and may also be privileged. It is for the exclusive use of > the > intended recipient(s). If you are not the intended recipient(s) please > note > that any form of distribution, copying or use of this communication or the > information in it is strictly prohibited and may be unlawful. If you have > received this communication in error please return it to the sender or > call > our switchboard on +44 (0) 20 89107910. The opinions expressed within > this > communication are not necessarily those expressed by Reed Exhibitions." > Visit our website at http://www.reedexpo.com > > -----Original Message----- > From: Mike Kear > To: CF-Talk > Sent: Thu Oct 05 07:17:38 2006 > Subject: Re: Object Oriented Role Base Security > > I just wrote one. I have to say authentication with a user bean in > the session scope makes many things easier - passing a neat parcel of > data about the user from hither to thither is a cinch and I always > have available a lot of the regularly used details about the user - > the name, how many times they've logged in, when they were last logged > in etc. . great stuff. > > And doing the authentication proved to be pretty much simpler too. > Pass the username/password over to the UserAccess.cfc and get back a > validated userbean. Brilliant. > > However it's not ready for prime time - there are still too many of my > own coding quirks and a few "i'll fix that later on, just comment it > out for now" parts of the UserAccess.cfc so I'm not quite ready to > share it. > > But when i've had a chance to clean it up and fix the things that need > fixing, add the validation where it's lacking at the moment, I'll > gladly share with you. I like it! > > Cheers > Mike Kear > Windsor, NSW, Australia > Adobe Certified Advanced ColdFusion Developer > AFP Webworks > http://afpwebworks.com > ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month > > > > On 10/5/06, Denny Valliant <[EMAIL PROTECTED]> wrote: > > Heh. The silver bullet! > > > > If you find it, holler, I too would be interested... > > > > Other than that, you can try checking out the (sheesh, I'm bad today) > > the MG list, as a nice discussion of this has been going down for a > > few days. It's more geared for MG than just anything though (although > > MG seems to be (sorta) a concept, so thus applicable elsewhere, if one > > grokked it well enough), so that might not really be that great of a > > resource for you. > > > > Hrm... I don't know of anthing that blew my socks off conceptually... > > or I'm forgetting it. > > > > I would for sure take a look at depressedpress.com (Jim has shared > > some really nice stuff, and has some modular whatnot going on). Yeah, > > Props Jim, and thanks for sharing! > > > > That's all I got for you, at the moment. > > And all I have for CF talk at the moment too. > > > > Really, I'm gonna sign up for community later on, I swear. Then my > > posts will be all business like, and profesh. honest. > > Or at least much fewer random political comments... yup. fer sure. > > :Denny > > > > On 10/4/06, Jeff Chastain <[EMAIL PROTECTED]> wrote: > > > Does anybody know of an example, article, or tutorial on building an > object > > > oriented role based security system? I have gotten tired of > re-inventing > > > the wheel for each application and would like to build a modular > security > > > system that could be fairly easily dropped into any application and > quickly > > > integrated without starting from scratch. Any suggestions? > > > > > > Thanks. > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:255742 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
