Programming ColdFusion by Rob Brooks-Bilson

Implementing Security from Scratch

As I mentioned in the introduction, it is entirely possible and quite easy to build a robust security model using nothing more than a simple database table and a small bit of CFML code. Consider the portal example we created at the end of Chapter 7. This application is the perfect candidate for implementing security from scratch.

If you refer back to Chapter 7 for a moment, to Figure 7-6, you’ll remember that we said security for the portal could be handled by three templates: Application.cfm, Login.cfm, and Validate.cfm. Both authentication and authorization functions are handled by these templates. If you look at Figure 8-1, you’ll see the basic flow of the authentication/authorization process. Note that this view differs slightly from the one in Chapter 7 due to the addition of two new templates that handle user registration. Don’t worry about them for the time being; we’ll get to them soon enough.

Figure 8-1. Security scheme for the portal application

Creating a Simple Security Table in the Database

The first step to building security into the portal application is to create a database to store username and password information. Table 8-1 shows the schema for a single table called Users that will store our profile and security information.

Table 8-1. Setup for the User Security Table

Field Name | Field Type | Max Length

Username (primary key) ...