As I mentioned in the introduction, it is entirely possible and quite easy to build a robust security model using nothing more than a simple database table and a small bit of CFML code. Consider the portal example we created at the end of Chapter 7. This application is the perfect candidate for implementing security from scratch.
If you refer back to Chapter 7 for a moment, to Figure 7-6,
you’ll remember that we said security for the portal could be
handled by three templates:
Validate.cfm. Both authentication and
authorization functions are handled by these templates. If you look
at Figure 8-1, you’ll see the basic flow of
the authentication/authorization process. Note that this view differs
slightly from the one in Chapter 7 due to the
addition of two new templates that handle user registration.
Don’t worry about them for the time being, we’ll get to
them soon enough.
Figure 8-1. Security scheme for the portal application
The first step to building
security into the portal application is to create a database to store
username and password information. Table 8-1 shows
the schema for a single table called
will store our profile and security information.
Table 8-1. Setup for the User Security Table
Username (primary key) ...