Aaron Cooper

Sweet guys. Thanks. Interesting topic. For this customer my caution is probably overkill and based on past clients where security is equally over the top. (min 12 char passwords expiring every 60 days anyone?).

nightjarnz

I'll be a bit clearer perhaps.

You're not wrong to be cautious.

But diminishing returns can easily come from following this route.

nightjarnz

You can plug in the SAML or LDAP authenticators and use that for CMS access. But it's still someone logging in.

theruss

Well one could also say that it's also impossible for properly configured permissions to confer CMS authentication upon users modelled within the Member table...

nightjarnz

I'd suggest that perhaps a corporate site might use a corporate user access control system, like Active Directory.

nightjarnz

One needn't log out then log back in with a different account.

Aaron Cooper

Technically we don't have to use Member. It just saves a lot of work to do so. We created a large site for a corporate that uses a customer object to keep CMS and frontend users logically different. In that case, it's actually impossible for the frontend user to access the CMS. Impossible to make the mistake.

nightjarnz

That's the same for any system though @Aaron Cooper - sudo allows a normal user to become an admin, etc.