Message from discussion
Recommended User Authentication setup?
Received: by 10.114.131.9 with SMTP id e9mr1072736wad.5.1211994801513;
Wed, 28 May 2008 10:13:21 -0700 (PDT)
Return-Path: <anderson.jo...@gmail.com>
Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.174])
by mx.google.com with ESMTP id m36si129523839wag.3.2008.05.28.10.13.20;
Wed, 28 May 2008 10:13:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of anderson.jo...@gmail.com designates 209.85.200.174 as permitted sender) client-ip=209.85.200.174;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of anderson.jo...@gmail.com designates 209.85.200.174 as permitted sender) smtp.mail=anderson.jo...@gmail.com; dkim=pass (test mode) header...@gmail.com
Received: by wf-out-1314.google.com with SMTP id 27so3097955wfd.5
for <cake-php@googlegroups.com>; Wed, 28 May 2008 10:13:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:message-id:to:in-reply-to:content-type:content-transfer-encoding:mime-version:subject:date:references:x-mailer:from;
bh=2B+T3hUc4PJIZbNPlIMqiRTT5+pVnfh1Kb77wc/U9NQ=;
b=CVvymIwa+QXdD6mHbQbiD8zJyDc7lzTE0e28LwU+ud2AUsG4GOnbzADBk0L1KLP+w2PT0+8/cYOP/H8tqo89tasBnNeT6ysw8V/uzDcj5zdwuq9SBSNZnEk9vJceqynHJSPeGLFzpAFiVh+Ak4rC1W7mB49woi30+URStZfofOA=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=message-id:to:in-reply-to:content-type:content-transfer-encoding:mime-version:subject:date:references:x-mailer:from;
b=ecPqTdJoLllfiMapIjWCmYjr5kEcIczCyTMPEcFjVkwDa4rp2GjTtW8H1fJ8yYBMt5tCOTPKtUGoIkcQCT9u3vUcK85UywlMXqhYjzWGwEZASoKdXRlKTBrlDQANypGK0NmzzPp7wAQteYzUw93h7LQ4SCDR+nPazPfZBAnBxCg=
Received: by 10.142.177.5 with SMTP id z5mr1132089wfe.255.1211994800138;
Wed, 28 May 2008 10:13:20 -0700 (PDT)
Return-Path: <anderson.jo...@gmail.com>
Received: from ?10.10.1.83? ( [66.7.114.125])
by mx.google.com with ESMTPS id 22sm23820318wfd.19.2008.05.28.10.13.18
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Wed, 28 May 2008 10:13:19 -0700 (PDT)
Message-Id: <61E092F8-8918-4F0A-AC0E-75BB5915F...@cakephp.org>
To: cake-php@googlegroups.com
In-Reply-To: <2c38d115-47c5-4a0c-8fbf-5aaf3e144...@c58g2000hsc.googlegroups.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v919.2)
Subject: Re: Recommended User Authentication setup?
Date: Wed, 28 May 2008 11:13:01 -0600
References: <2c38d115-47c5-4a0c-8fbf-5aaf3e144...@c58g2000hsc.googlegroups.com>
X-Mailer: Apple Mail (2.919.2)
From: John David Anderson <anderson.jo...@gmail.com>
On May 28, 2008, at 10:57 AM, 703designs wrote:
>
> I'm working with Cake right now, and I thought that ACL was my answer
> to this question, but it seems that Cake's ACL (ACL in general, I
> suppose) only deals with roles, etc:
>
> "It should be noted that ACL is *not* a system that is meant to
> authenticate users. You should already have a way to store user
> information and be able to verify that user's identity when they enter
> the system."
>
> Well, this is all good and well, but the user authentication systems I
> develop, while being functional, leave quite a bit to be desired, and
> I really wouldn't trust them beyond the limited purposes for which
> I've deployed them. To put it simply, I expect that a framework like
> this one would make developing a sane user authentication system a bit
> easier for a developer like myself.
ACL != Auth. It's *related* to authentication, but so is the
FormHelper. The criticism you're leveling here doesn't quite make sense.
In any case, I might check out the AuthComponent (which works well
with the ACL stuff). Chris' tute should be a good starting point.
-- John
|
