Login

    Register

Managed Hosting

PROJECT CATEGORIES

 

Model-Glue security samples
Project Home Wiki Known Issues Contact Project

Author: Dennis Clark (All RIAForge projects by this author)
Last Updated: June 21, 2010 12:55 PM
Views: 7,468
Downloads: 0
License: BSD

Description:

This is the example Model-Glue application I used for the presentation titled "MVC for the Rest of Us"
that I gave at NCDevCon 2010.

The initial goal of this example was to demonstrate some simple techniques in Model-Glue
to enable parallel collaboration between front-end designers and back-end engineers
in the building of application events, including mock events and unit testing.

A longer-term goal is to to test and implement ideas for building a flexible security framework
for Model-Glue applications.

Getting started:

1. Copy all files into a folder under your ColdFusion web root.
2. Open config/ColdSpring.xml and edit the value of "passwordFilePath" to point to the physical path
of the passwd.txt file to use (there is a sample passwd.txt in the same folder).
3. Start the application at http://localhost/mgsecurity/mgLoginExample/index.cfm (adjust the URL if you are not running ColdFusion under localhost).

WARNING: THE SOLE AUTHENTICATOR SERVICE PROVIDED IS HIGHLY INSECURE AND SHOULD NOT BE USED
IN PRODUCTION ENVIRONMENTS!!!

The biggest deficiency with the authenticator at this time is that it only supports passwords
stored in plaintext.

Any help to make this code safer for production use is welcome!

TODO (not necessarily in order of implementation):

* Add secure password hashing plugins for authenticators (salted iterative MD5/SHA1; jBCrypt)
* Add a CGI null authenticator (useful for authentication schemes handled by the Web server)
* Add a CF-ORM authenticator
* Add an LDAP authenticator
* Package components and events into actionpacks (security,mocking)

Requirements:

* Adobe ColdFusion 9.0 or later (other CFML engines have not been tested)
* Model-Glue 3.1.299 (later versions have not been tested)
* ColdSpring 1.2 (later versions have not been tested)

Issue Tracker:

This project has an external bug tracker. You can find it here:
http://github.com/boomfish/mgsecurity/issues

Source Control Access:

This project hosts its source control at an external location:
http://github.com/boomfish/mgsecurity