I smell security implications... maybe it is just the burrito. Since these accounts are SQL system accounts, that would imply that to connect to the server in the first place, I would need a SQL login account that has high level security access. This would be a bad idea because the username and password will be in the "database.php" file... right? Again maybe I am looking at this the wrong way.
My reasoning above stems from the fact that when a user log into the system, they have to be validated somehow. Now I would like to use the user's supplied username and password to connect to the MS SQL DB but in conventional cases, one has to connect to the database with a specific (static) username and password and then check to see if the supplied login credentials validate against the users table. From what I have see so far "Auth and Acl" work better with the later case. If my thinking is incorrect, then I need to go back to the manual again otherwise I am still up in a bind... Thanks for you input guys. B.I. On Dec 11, 8:34 am, Rob <[EMAIL PROTECTED]> wrote: > As long as it is SQL server security, it is essentially a table, and > you should be able to model that with Cake. You basically just need > the model for your users data and point Auth at that model. > > That said, I have never tried this with SQL express, so it might take > a bit of playing to get it to work. > > Ultimately to use Auth, you have to tell Cake about the tables to use > for authentication, and I'm thinking there would be a fair amount of > code you'd need to add to get it to work with a table that is storing > data differently than the standard Auth expects (e.g. - hashed > passwords for instance). > > On Dec 10, 1:23 pm, bademan <[EMAIL PROTECTED]> wrote: > > > After chasing my tail a bit, I think I failed to expalin my dilemma > > better. The database in question is an MS SQL Express DB and the user > > accounts are not necessarily stored in a table within the DB, they are > > more like DB system accounts (i.e. stored in SQLSERVER//Security// > > Logins). This is why I am still unsure that Auth and Acl might be able > > to solve the issue. Can you let me know if my task is still possible > > (i.e. given the original context). Thanks. > > > B.I. > > > On Dec 9, 3:32 pm, AD7six <[EMAIL PROTECTED]> wrote: > > > > On Dec 9, 10:10 pm, WebbedIT <[EMAIL PROTECTED]> wrote: > > > > > > I just use Auth and ACL for what you're talking about. > > > > > As Rob states Auth and ACL should be the way to go, but a word of > > > > warning! I for one have had problems employing Auth and ACL and > > > > judging by the amount of blogs and tutorials on the subject so do many > > > > others. > > > > > I came across the following blog today (within this group) which looks > > > > promising to as a reference for finally getting my head around Auth > > > > and ACL. May be worth a look ;) > > > > >http://www.ad7six.com/MiBlog/Authenticationhttp://www.ad7six.com/MiBl... > > > > > Good luck! > > > > Careful, like so many things out there those posts from my blog are > > > old and (at least the technical details are) obsolete ;) that content > > > predates 1.2 and the auth/acl components although the general concepts > > > are of course still valid. > > > > I'd recommend > > > startinghttp://book.cakephp.org/view/641/Simple-Acl-controlled-Application > > > on any acl/auth quest. and quite simply any auth solution that isn't > > > based on the core auth component is imo not a best practice - the auth > > > component get's imporved and is widely used (and phenomenally > > > configurable) whereas other solutions are not or even if they are have > > > a much smaller userbase. > > > > AD --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
