Soundings 2.1

I just released Soundings 2.1 to RIAForge. This is mainly just a bug fix release, although it has some nice user submitted UI improvements, including visually marking required survey items. Soundings also marks the first application of mine where I ripped out cflogon. A subtle issue with it (see below) caused two clients in the past week to have issues.

So the issue isn't a bug per se, but a feature that trips me up all the time. ColdFusion's roles based security will automatically tie in to web server security. Now imagine you want to see if someone is logged in. You do this by checking getAuthUser(). (ColdFusion 8 added isLoggedIn(), but Soundings has to work in older version.) Now imagine someone deploys Soundings on an Intranet where HTTP auth is in place.

All of a sudden getAuthUser will return a value and that application will think that a user is logged on to Soundings, where in reality it was just someone logged into the web server's security system.

There is no way to say "I don't care about the web server, I have my own security model." That to me makes cflogon something I just can't use. In other applications I get around this by using a session variable so I can tell that someone has logged into my application.

To be honest, this issue probably only trips up people like myself - who write applications to be used by others - but as it hit two people in one week I figured it was just time to dump it.

Comments (4) Oct 3, 2008 9:27 AM Views: 1315

Comments

[Add Comment]
Thanks for the update Ray! This is a great program and we use it for a number of surveys at our school district.
# Posted By David Fry | 10/3/08 9:42 AM
Hey! If you have it laying around, could you post the code that you're substituting for the login procedure? I have spent a couple of hours this week looking for some code that combines login functionality with a site registration part. I was hoping for a "Remember me" function as well. I might have to use Ben's http://tinyurl.com/3l8zy6 as the foundation -- if I can't get down the road further. Any suggestions? Thanks, and you know don't ya...you da man!

Can you relate to any of this? :) http://tinyurl.com/4znc6q
# Posted By Robert Myers | 10/3/08 2:41 PM
That was a great list Robert. I identified with _all_ of them.

Sounding's security system is incredibly simple. I don't know if it would be a great system to learn from, but if you want something simple, you can take a look at it. You asked me to post it, but you can download all of Soundings from RIAForge.
# Posted By Raymond Camden | 10/4/08 8:29 PM
Thanks for the update Ray! This is a great program and we use it for a number of surveys at our school district.

Thank you all..
# Posted By indir | 10/10/08 10:46 AM
[Add Comment]