Model-Glue security samples
Project Home • Wiki • Known Issues • Contact Project
This is the example Model-Glue application I used for the presentation titled "MVC for the Rest of Us"
that I gave at NCDevCon 2010.
The initial goal of this example was to demonstrate some simple techniques in Model-Glue
to enable parallel collaboration between front-end designers and back-end engineers
in the building of application events, including mock events and unit testing.
A longer-term goal is to to test and implement ideas for building a flexible security framework
for Model-Glue applications.
1. Copy all files into a folder under your ColdFusion web root.
2. Open config/ColdSpring.xml and edit the value of "passwordFilePath" to point to the physical path
of the passwd.txt file to use (there is a sample passwd.txt in the same folder).
3. Start the application at http://localhost/mgsecurity/mgLoginExample/index.cfm (adjust the URL if you are not running ColdFusion under localhost).
WARNING: THE SOLE AUTHENTICATOR SERVICE PROVIDED IS HIGHLY INSECURE AND SHOULD NOT BE USED
IN PRODUCTION ENVIRONMENTS!!!
The biggest deficiency with the authenticator at this time is that it only supports passwords
stored in plaintext.
Any help to make this code safer for production use is welcome!
TODO (not necessarily in order of implementation):
* Add secure password hashing plugins for authenticators (salted iterative MD5/SHA1; jBCrypt)
* Add a CGI null authenticator (useful for authentication schemes handled by the Web server)
* Add a CF-ORM authenticator
* Add an LDAP authenticator
* Package components and events into actionpacks (security,mocking)
* Adobe ColdFusion 9.0 or later (other CFML engines have not been tested)
* Model-Glue 3.1.299 (later versions have not been tested)
* ColdSpring 1.2 (later versions have not been tested)
This project has an external bug tracker. You can find it here:
This project hosts its source control at an external location:
Adobe and the Adobe product names are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.