Erik Myhre wrote:
Hey Jeff,
Thanks for the advice. Looking at the code I figured I could probably
just edit the code to my liking, but I was curious if there was a more
elegant way to extend the current security.cfc. I was primarily
concerned with what happens when the plum framework is updated. I
figured if I could somehow just extend the framework and inherit
security.cfc I could replace the original plum .cfc's if I ever needed
to.
I haven't tried what you suggest, but it seems more elegant. I know it is was a
PITA
to modify everything when changes were made during the beta. I figure it took me about 30 minutes to do comparisons/mods
everytime a new beta came out. Now things have stabilized somewhat.
If you go down that route please share your experience. I may do that as well.
The other thing I am curious about is the plumRole table. It seems that
the IDE is tightly integrated to this table. If I modify the plum code
to use my own membership table will I have to maintain the plumRole
table to correctly use the IDE or is there a setting somewhere for the
IDE to point it to a different table. Possibly a config file of some
type?
Adam and David would be better to talk to about this. I haven't gotten to the
point where I have extended that area of Plum.
I do think this is the one area where there is going to be alot of discussion. Application security is one area where
one size does not fit all, and many people are already beginning to kludge the existing framework to fit their needs. It
definately needs to be more extensible so that people are not hacking the basic framework all the time, IMO.
Jeff
Thanks for the help, it's much appreciated!
Erik
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff
Fleitz
Sent: Tuesday, February 22, 2005 4:03 PM
To: [email protected]
Subject: Re: [plum] Integrating security
Hi Erik,
I have done this with almost every app I have built with Plum, and have
taken the approach of modifying the PlumUser table to include the extra
columns that I need. I then make the changes to the
NewUserForm/NewUserAction forms in the login sub-directory, and the
ProfileForm/ProfileAction pages in the profile subdirectory. Finally, I
make changes to the insert and update methods of the security.cfc
component so that the information is handled correctly.
I know Adam talked about using table in a one-to-one relation to add
additional information, but I have not tried this technique myself. To
me there doesn't seem to be an advantage to breaking extra info out into
a separate table, because you are still going to have to handle mods to
the security.cfc, etc., plus add one more table to maintain.
He was going to post a KB article on it, but got wrapped up in some
other stuff. He and David are in training this week, but will probably
check in to see whats up. Maybe he can shed some more light.
HTH,
Jeff
Erik Myhre wrote:
Hello,
I'm in a similar situation as John. I want to take advantage of the
security model built into Plum, but I need to collect and store more
information about the user than Plum has built in.
I'm looking for the "best practices" method of extending the
information
contained within the plumUser table? What is the recommended way of
pointing the plum security model to my own table and updating the
insertUser and updateUser functions of Security.cfc so they add and
update the additional information?
Anyone have any recommendations?
Thanks!
Erik
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of
*Hatcher, John
*Sent:* Tuesday, February 22, 2005 1:48 PM
*To:* '[email protected]'
*Subject:* [plum] Integrating security
We have our own security system in place for our intranet site. Plum
has its own security system which I would like to disable so we don't
put any further burden on our employees to remember/enter passwords.
Would this be as simple as selecting the "Users do not need to be
logged
in" under User Access for each project that requires this setup? -or-
(the reason I'm asking) is there some other technique that you would
recommend that has already been thought of that I haven't discovered
in
the product ? (how's that for a run-on sentence?)
Thanks for your help.
John A. Hatcher
Manager of IS
Versa Products Co., Inc.
voice: (201) 843-2400 x4148
fax: (201) 843-2931
[EMAIL PROTECTED]
**********************************************************************
You can subscribe to and unsubscribe from lists, and you can change
your subscriptions between normal and digest modes here:
http://www.productivityenhancement.com/support/DiscussionListsForm.cfm
**********************************************************************
**********************************************************************
You can subscribe to and unsubscribe from lists, and you can change
your subscriptions between normal and digest modes here:
http://www.productivityenhancement.com/support/DiscussionListsForm.cfm
**********************************************************************
**********************************************************************
You can subscribe to and unsubscribe from lists, and you can change
your subscriptions between normal and digest modes here:
http://www.productivityenhancement.com/support/DiscussionListsForm.cfm
**********************************************************************
