Implementing Security from Scratch
As I mentioned in the introduction, it is entirely possible and quite easy to build a robust security model using nothing more than a simple database table and a small bit of CFML code. Consider the portal example we created at the end of Chapter 7. This application is the perfect candidate for implementing security from scratch.
If you refer back to Chapter 7 for a moment, to Figure 7-5, you’ll remember that we said security for the portal could be handled by two templates: Application.cfm and login.cfm. Both authentication and authorization functions are handled by these templates. If you look at Figure 8-1, you’ll see the basic flow of the authentication/authorization process. Note that this view differs slightly from the one in Chapter 7 due to the addition of a new template that handles user registration. Don’t worry about this template for the time being; we’ll get to it soon enough.
Figure 8-1. Security scheme for the portal application
Creating a Simple Security Table in the Database
The first step to building security
into the portal application is to create a database to store
username, password, and role information. Table 8-1 shows the schema for a single table called
Users
that will store our profile and security
information.
Table 8-1. Setup for the user security table
Field name |
Field type |
Max length |
---|---|---|
|
Get Programming ColdFusion MX, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.