How does the Security Module actually work

I was wondering if anyone knew how the security module worked across a project. I’ve been using it for ages and everything works fine, however on one of the recent upgrade change logs, it indicated the security module would need to be recreated.

This is a huge project for me because I have added fields into the sec_users_edit form, and written a bunch of events to occur inside it. I’ve also made some additions to the sec_login page too.

I reran the security module wizard yesterday, setting it for SHA256 over the long time used MD5, used existing tables, and the wizard created all new forms and grids with the sec2_ prefix. I went through the new apps and saw some differences. So I copied code from my old sec_login over to the new sec2_login and tested it fine. I then copied the new code I found from the new sec2_users_edit into my previously existing sec_users_edit form. Retrieve password was obviously different because of the change to SHA256, so I made those changes too. I deleted my old sec_login and renamed sec2_login to sec_login, and changed some of the redirects/links. Everything ‘seems’ to be working but I’m worried that my understanding of the security module is way off and I’m setting myself up for failure down the road.

Can anyone share an overview of how the security module interfaces with the rest of the applications, or maybe there’s an article somewhere I can read through? All my searches give me generic information about just running the module and not how it actually integrates with all my other applications in the project.

Thanks in advance!

Mark


I’d like to know too. Personally I’ve made significant changes to the sec_users table to accommodate my application needs. I understand the database side, but I’m at a loss understanding the business logic of the security module. By the way, I’ve also replaced the md5 password with a sha256 coupled with a secondary encryption process.


Thanks Ed,

I did the 2FA thing just to see how it worked and thought it was pretty slick. Since I only use this on our internal network, I turned it off just because of the overhead on my team. Someone told me I should use Salt but my doctor told me my blood pressure was too high already =) In all seriousness, I couldn’t figure out how to add it into my apps so wrote it off for the time being.

I’m glad I’m not the only one who would like to know more about the security module integration.

Thanks again.


I was also pretty clear on how the old version of the SECURITY module worked, but I recently implemented the new version in another project and I am kinda lost. Not that it is so hard to read the code, but I do not understand the intention of the developer. I am not sure how certain things are supposed to work. For example 3FA, and many settings inside the SETTINGS (form / table). There is no information on the SC website or help.

On top of that, while working on security apps I ran into some weird issues (i.e. some code worked and now it does not). Certain code is not executed at all, etc. I also find confusion on the security form which is automatically generated. Why can I not have an ADMIN group assigned to the group ID of my choice? It is always group_ID=0. I noticed that messing with the group numbers can completely destroy all security functionality.

Tried to do some research on YouTube but most of the videos are pathetic. They are aimed to market the product not to teach. Two instructors who did some great videos in the past are gone now (most likely abandoned SC) - which is pretty sad.