[Model-Glue] Question on Securing Model-Glue Pages

Tue, 24 Aug 2010 20:01:17 -0700 

Greeting

I've found several tutorials out there on various ways of securing
certain pages in modelglue and followed Dans suggestion from a past
email, but I've seen non model glue security implemented and whenever
one requested a page, it immediately threw up the login page.  The way
I've currently got my pages secured doesn't automatically throw up a
login page as im using the event handler and multiple event types to
only secure certain pages (model glue.XML snippet below), and I'm
pleased with the way it's working.

  Administrator Events -->
       <event-handler name="admin" type="secure,templatedPage">
               <!--
               <broadcasts>
                       <message name="needHonorsList" />
               </broadcasts>
               -->
               <views>
                       <include name="primary" template="default.cfm">
                       </include>
               </views>
       </event-handler>

       <event-handler name="adminList" type="secure,templatedPage">
               <views>
                       <include name="mymenu" template="layout/
dspMyMenu.cfm">
                               <value name="whichMenuIsCurrent"
value="admin" />
                       </include>
                       <include name="primary"
template="dspViewAdmins.cfm">
                       </include>
               </views>
       </event-handler>

       <event-handler name="honorshome" type="templatedPage">
               <views>
                       <include name="mymenu" template="layout/
dspMyMenu.cfm">
                               <value name="whichMenuIsCurrent"
value="home" />
                       </include>
                       <include name="primary"
template="dspViewNews.cfm">
                       </include>
               </views>
       </event-handler>

My quandry is this, and this may just be the way that Model Glue
handles handing off a page without going through the event=?? method.

If I have a file in my views directory called bleh.cfm, and I spell
out the entire path http://<server>/<appdir>/views/bleh.cfm, I get a
blank page returned.  Is this the expected functionality.  What should
one expect to happen if the security was coded perfectly.

I ask this as my boss is expecting to secure the entire directory, but
as it is, it only requests authentication when the event type is
"secure,??", and this to me is cool as I can only protect a few files
and leave the others public.

I hope I've made sense on this, but I'm still unclear as to what I
should expect, and what is considered the standard for security in
Model-Glue.

Thanks in Advance,

Cliff

-- 
Model-Glue Sites:
Home Page: http://www.model-glue.com
Documentation: http://docs.model-glue.com
Bug Tracker: http://bugs.model-glue.com
Blog: http://www.model-glue.com/blog

You received this message because you are subscribed to the Google
Groups "model-glue" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/model-glue?hl=en

Reply via email to