Article by Alwyn.
Published: January 15, 2010 at 14:25
Category: ColdFusion
ColdFusion 9 and ORM: Write all, read some
< back to overviewJust a little thing I found out today using Coldfusion 9 new ORM feature. Say you have a login system based on a user table, this can easily be done with orm. You just create a cfc where you define your database fileds as parameters and call the necessary orm function.
Out of the box this works great, you can fetch, insert, update and remove with ease.
The only drawback here is that even when requesting for instance all users from the database, the login information is also retrieved and placed in the result object. Those values are not really necessary when you just want to show an overview of all you users. So let’s take a look at how you can modify your cfc’s prevent this from happening.
Let’s first take a look at the user.cfc object that is used for database mapping:
<cfcomponent persistent="true" output="false" accessors="true">
<cfproperty name="user_id" ormtype="integer" fieldtype="id" generator="native"/>
<cfproperty name="firstname" ormtype="string"/>
<cfproperty name="lastname" ormtype="string"/>
<cfproperty name="email" ormtype="string"/>
<cfproperty name="login" type="string" />
<cfproperty name="password" type="string"/>
</cfcomponent>With this class, loging a user into the system is really easy, I just use
EntityLoad("User", {login="#FORM.username#", password="#FORM.password#"});
And as a result I get the user object on which I can do further testing.
Now let’s take a look at the dump of this object:
As you can see, also the login and pass are returned, the same problem occurs when I use the following code to load and display all the users.
<!--- list user ---> EntityLoad("User");
These (login, pass) are values I don’t need so let’s tell CF to only load the values I really need when fetching rows. The solution is actually really easy, the only thing you have to do is set the getter property of the cfproperty to false. The update user.cfc will look like this
<cfcomponent persistent="true" output="false" accessors="true">
<cfproperty name="user_id" ormtype="integer" fieldtype="id" generator="native"/>
<cfproperty name="firstname" ormtype="string"/>
<cfproperty name="lastname" ormtype="string"/>
<cfproperty name="email" ormtype="string"/>
<cfproperty name="login" type="string" getter="false" />
<cfproperty name="password" getter="false" type="string"/>
</cfcomponent>And if you take a look at the dump, you will see that the login and pass fields are now no longer filled when doing a fetch! And the login system will still work because the setter property is still set to true!
Comments
Alwyn on January 18, 2010 at 9:31 am
We do encrypt the pw’s in the database but the point here was to limit the amount of data send back and forth between the database and the coldfusion pages. Thanks for the concern though 
Make a comment
Mark Mandel on January 17, 2010 at 12:11 am
…so silly question
Why not just encrypt the password? Which would mean it wouldn’t be in plain text for all to see in your database.
Or was this more of a contrived example to show off a specific technique?