O'Reilly logo

Programming ColdFusion MX, 2nd Edition by Rob Brooks-Bilson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Implementing Security from Scratch

As I mentioned in the introduction, it is entirely possible and quite easy to build a robust security model using nothing more than a simple database table and a small bit of CFML code. Consider the portal example we created at the end of Chapter 7. This application is the perfect candidate for implementing security from scratch.

If you refer back to Chapter 7 for a moment, to Figure 7-5, you’ll remember that we said security for the portal could be handled by two templates: Application.cfm and login.cfm. Both authentication and authorization functions are handled by these templates. If you look at Figure 8-1, you’ll see the basic flow of the authentication/authorization process. Note that this view differs slightly from the one in Chapter 7 due to the addition of a new template that handles user registration. Don’t worry about this template for the time being; we’ll get to it soon enough.

Security scheme for the portal application

Figure 8-1. Security scheme for the portal application

Creating a Simple Security Table in the Database

The first step to building security into the portal application is to create a database to store username, password, and role information. Table 8-1 shows the schema for a single table called Users that will store our profile and security information.

Table 8-1. Setup for the user security table

Field name

Field type

Max length

Username (primary key) ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required