Announcement

Collapse
No announcement yet.

serious issue with security module

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • serious issue with security module

    hi gusy, i have been reading in the forums for 3 days now regarding the security module that comes with sc, also tried myself many things and i found the following

    please tell me if that is correct or there is a solution for these you came to know about them but not posted in the form!?

    1- many guys in the forum had problem that security module, if changed or renamed applications, then it is all spoiled
    2- i tried myself, if i add "friendly-url" to security module applications then it is hell and will never work
    3- normal applications: if put as friendly-url it is counted twice in the applications list! you end up with a long list of applications to add permissions to...
    4- when syncing applications, i get erros, i tracked that sql error and found that becasue i removed the old applications manually from mysql db because they were really old in the project and i removed long back before the security module i applied
    5- the app sec_Login, even if changed to sec_login (just to lower case the "L" you need to change all applications in security folder accordingly... moreover, and the most important, is the duplication of applications that listed in the apps x groups application which doesn't make sense

    example: i have application called form_main_1 i have its friendly url like this: form-main-1
    then you end up in the database table sec_apps with both of them!?!? which one is giving access to users/groups?? i remmoved the firendly url (-) and got many errors when syncing apps

    please guys, any good reference for security module? it is fundamental requirement these days and number 1 failuer in sc!!

  • #2
    The module works well in normal situations, but yes, it will not remove deleted applications and if you rename synchronizing will cause a new entry and the old one persists as the sync cannot recognize the rename of an application. So I always recommend to add the security model at the end of your application process. I've seen too issues by users, but I haven't encounter them so far.
    Albert Drent
    aducom software netherlands
    scriptcase partner, reseller, support and (turn-key) development
    www.scriptcase.eu / www.scriptcase.nl

    Comment


    • #3
      but also the deleted applications albert!! some applications in the same project were deleted long time back even before initializing the security module for the first time!!

      also, how about the friendly-url? i have for each application a friendly-url assigned, then in the list of apps there is one entry for application name and one entry for the friendly-url, which one grants the permissions and why this is duplicated? is it on folders level they mean? (because finally each app will be placed in one folder in the real project production)

      what if i don't sync applications? how i can add them manually? from DB itself? then select the type (menu contr, container, grid...etc) then it will appear in the groups x apps so i can define permissions?

      because actually i ended up with more than 100+ records in the applications list, all of them were deleted long before the security, and duplicated due to friendly-url thing, then if you sync again you will have more apps with strange names like @sec_ and 1@sec_ and if you delete those from db, it is a whole different story and you get sql errors!

      grrrrrrrrrr security module means to have easy access and function added to sc, not more confusion and errors!

      Comment


      • #4
        Deleted applications are deleted from the repository. But the generated code persists. Which means that synchronize will find this as it is based upon a dirlist. But in general clean the application tables and do a sync then. But before: remove deleted apps manually from your generation location.
        Albert Drent
        aducom software netherlands
        scriptcase partner, reseller, support and (turn-key) development
        www.scriptcase.eu / www.scriptcase.nl

        Comment


        • #5
          Albert, if you remove or drop or clean the apps table manually, the sync will not happen again, it throughs error and says that duplicated entry 1- PRIMARY don't know what and adds strange entried to the database

          until now you didn't give me your idea regarding the friendly-url thing,,,, in security module each application has friendly-url name it is counted 2 times, once as original name and one as the friendly-url name!! so which one is giving the actual permissions if selected from the groups x apps permissions list? do you think it is better not to use the friendly-url? what is the negative? will each application has its own folder too? i would like to know more about this really so to use best practice.

          Comment


          • #6
            Originally posted by itsme3 View Post
            Albert, if you remove or drop or clean the apps table manually, the sync will not happen again, it throughs error and says that duplicated entry 1- PRIMARY don't know what and adds strange entried to the database

            until now you didn't give me your idea regarding the friendly-url thing,,,, in security module each application has friendly-url name it is counted 2 times, once as original name and one as the friendly-url name!! so which one is giving the actual permissions if selected from the groups x apps permissions list? do you think it is better not to use the friendly-url? what is the negative? will each application has its own folder too? i would like to know more about this really so to use best practice.
            I can only answer questions if I have the knowledge. I embed our applications in a cms and there is no user who needs to enter any url to get it running besides the url of the cms it is running in. So I don't use the friendly url and I haven't tested it with the security module.
            In your case, If the security module sees the application twice, one as a full url and one as friendly url, I think you have to set both as you don't know how the user will enter the application. But it's a wild guess, for ourselves I don't see the advantage of a friendly url.
            Albert Drent
            aducom software netherlands
            scriptcase partner, reseller, support and (turn-key) development
            www.scriptcase.eu / www.scriptcase.nl

            Comment


            • #7
              itsme3, if you are going to sync, then you need to empty both the apps table and the groups-apps table. Make sure that your directory is clean of any extraneous stuff before doing the sync.

              I prefer to empty the directory on my server, do a clean deploy, set up the connection, log in (so I will be able to do the sync later), then use phpMyAdmin to empty apps and groups-apps tables, then do a sync. Once the sync is done, you need to edit the groups<->apps and set everything on for admin.
              Dave Prue
              Code Whisperer
              Lahar International Corp
              www.lahar.net

              Comment

              Working...
              X