---
I'll have to look at it next week, right now I am bogged down in Accessible
PDF and Fusebox research (why the heck can anybody get away with writing
spaghetti code, but when you want to do things in a standardized way,
everyone wants you to jump through hoops?)
_____
From: Steve Nelson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 15, 2004 10:08 AM
To: Fusebox
Subject: RE: fuseaction permissions
Archive: http://www.houseoffusion.com/lists.cfm/link=i:12:6461
---
Dang, it didn't attach it. Here's a URL:
http://dev.secretagents.com/experiments/Fusebox4.x/permissions/act_permissio
ns.zip
Sandy is your model dramatically different?
Steve
_____
From: Steve Nelson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 15, 2004 9:57 AM
To: Fusebox
Subject: RE: fuseaction permissions
Archive: http://www.houseoffusion.com/lists.cfm/link=i:12:6460
---
I'm not sure if we can attach files here or not, but I've attached a
permissions model I've found covers every situation I've ever needed.
It covers three basic areas of securing an application.
1) A circuit. - a Permission can state whether a user is granted
access to any fuseactions in a circuit
2) A Fuseaction - a Permission can state whether a user is granted
access to a fuseaction in a circuit
3) A boolean variable - Secures some area of a fuse
The attached fuse automatically handles circuit/fuseaction security. Then it
dynamically produces the values of the boolean variables. So to secure a
section of fuse you just do this:
<cfif canEditData>
<input....>
</cfif>
The beauty of this approach is that if you need to override the settings, it
takes nothing more than to manually set the value of the boolean variable.
<cfset canEditData=1> It doesn't require external functions or searching a
list or understanding bitAnd/bitOr. Either the variable is true or it's
false. That's it.
Steve
_____
From: Sandy Clark [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 15, 2004 9:35 AM
To: Fusebox
Subject: RE: fuseaction permissions
Archive: http://www.houseoffusion.com/lists.cfm/link=i:12:6459
---
http://halhelms.com/index.cfm?fuseaction=newsletters.show
<http://halhelms.com/index.cfm?fuseaction=newsletters.show&issue=052203_role
sBasedSecurity> &issue=052203_rolesBasedSecurity
_____
From: Steve Nelson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 15, 2004 9:20 AM
To: Fusebox
Subject: RE: fuseaction permissions
Archive: http://www.houseoffusion.com/lists.cfm/link=i:12:6458
---
What the heck is a lock key approach?
Steve
_____
From: Sandy Clark [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 15, 2004 8:24 AM
To: Fusebox
Subject: RE: fuseaction permissions
Archive: http://www.houseoffusion.com/lists.cfm/link=i:12:6451
---
I am,
I've written a security plugin that I currently have in testing. I am doing
a lock key approach. If you are interested in helping test it, contact me.
_____
From: Steve Nelson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 15, 2004 8:04 AM
To: Fusebox
Subject: fuseaction permissions
Archive: http://www.houseoffusion.com/lists.cfm/link=i:12:6448
---
Is anyone making use of the "permissions" attribute in the fuseaction tag in
their apps?
Steve
_____
_____
_____
_____
_____
_____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
