> > The latest CF 5 beta provides controls to flush the
> > security information caches within CF and SiteMinder in
> > the CF Admin interface, so it should be pretty easy to
> > do this programmatically in 5.
>
> In most cases I have seen user management is done externally,
> outside of CF/Spectra. I don't think it is desirable to have
> an LDAP admin notify the CF admin every time she changes an
> account.

You know, I thought it would turn out to be like that for us in general as
well, but it hasn't. Out of our clients' deployments, I don't think a single
one has had an existing user directory that we just plugged into. I agree
that user management should ideally be done from outside the specific CF
apps using the directory, though.

> If a user's credentials become invalid, access should be denied
> *immediately* (or as soon as possible.) I would think this is
> standard security practice. I'm really quite shocked at the lax
> approach Allaire seem to be taking here. The password caching bug
> better not be in 5.0 or there will be some very pissed people out
> here.

Not having experimented at length with this, did the "Use ColdFusion Server
Cache" checkbox not work in CF 4.5? I agree that, if an account is
invalidated, there shouldn't be cached credentials. Nevertheless, caching
credentials isn't unheard of within network login environments - if, in a
relatively large NT domain, an account is removed, that user will still
often be able to create and maintain connections based on cached
credentials. Or, an account may have its associated permissions changed, but
not have that change take effect immediately due to cached credentials - I
encounter this problem a lot.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444