Custom User Database and Database Management System - ColdFusion

One part of the database involves Users and Roles , the other part of it involves configuration of the application based on a particular client. Below is the description that I could fit in 4000 characters and more information is available on request. Database Specification: The database has about a dozen tables with several one to many and many to many relationships. This is a preliminary design and improvements while not expected to be made are welcome as ideas. Please see attached [login to view URL] for a quick snapshot view of the database. It is not an extremely complicated database but it has its complexities. Detailed information of each table will be provided on request. ColdFusion Application Specification : The ColdFusion application will be run as a secure IIS Website with a custom binding ( [login to view URL] ) and it will not be the default website, it will reside in a folder under wwwroot. We have a preliminary application built with scaffolding and ORM , this code can be shared with the contractor at request in case is required. We strongly PREFER ColdFusion ORM and strong object oriented approach ( without any frameworks preferably ) with as much of the code being in cfscript rather than tags. The application will have to be secured and only be accessible to users with an "Administrator" Role in the database ( this role should be permanent and not removable ) . Only users in the administrator role will be managing the database through this application , the rest of the content will be accessed by Flex Via ColdFusion services . The only part of the application that other users are able to access is a page to reset their password or change their password. The CMS part : 1. Ability to CRUD the data in all tables with cascaded update and delete 2. The password for the user has to be stored securely ( binary or hashed string ) 3. When a user is created , the ability to select a random password and generate an email to the user with the password. The user can then change their password using the link in the email ( this is the page mentioned in the previous paragraph ) . The option should also be available for the administrator to set a custom password. 4. Ability to select all related objects in an edit object page. For example when a user is created , the user has to be associated with an application and has to have atleast one role. This could very well extend to other objects based on the relationships defined in the database. The services part : The ColdFusion services built while creating the CMS should also serve for the Flex Application . The difference is that some services needed for the Flex part should not require authentication and be exposed as public services. Public Services 1. Services to query some tables based on specific fields ( will be detailed ) . For example retrieve the application table row based on an application id . 2. Service to authenticate a user based on username, password and application . If the user is authenticated a complex user object (CFC ) is passed back to the application , with roles and other related objects as properties of the object. If the user is not validated the same complex user object is returned with no properties and an invalid flag. 3. Service to generate an email in case of a forgotten password where the user can enter his email and a new password is generated in the same manner it happens from the CMS. If the email is found , an email is generated an object is returned with a success flag, if the email is not found an object is returned with a failure indicating that the user email could not be found. Private Service : 1. A secure service to do CRUD operations on 2-3 tables. The user credentials of the logged in user will be passed along with every request and has to be validated before CRUD is performed.