Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

First of all, is there a group addressing "Authentication" issues? I've
searched and could not find any - Plz. forgive if I have posted to the
wrong group or direct me to one dealing with these issues


I am putting together a multi-page sites, MySQL & PostgreSQL pages
included. I'd like to make all pages publicly visible, however on pages
containing defined features such as forms, certain scripts, SSI's etc
the running of these should be restricted to authenticated registered
users. Could someone advise how this can best be achieved. The use of
.htaccess type approaches don't quite do it as they restrict access to
whole directories and below, effectively denying access of the public to
whole sections of the site.

I've wondered about the use of cookies, but not been too familiar with
them have been a bit unsure.

Plz. advise and comment



Re: Authentication

Quoted text here. Click to load it

The closest fit for server-side programming questions is
comp.infosystems.www.authoring.cgi, but it's understandable that that
wouldn't be obvious.

Quoted text here. Click to load it

Put text near the forms to let users know they are for registered users
only, then make the ACTION of each form point to a script under, e.g.,
/registered that is restricted by .htaccess.

Quoted text here. Click to load it

You really have to know what you're doing to use cookies securely and
effectively.  If you can make things work with .htaccess, do so.

-- Easily organize and disseminate news and
                              photos for your family or group.

Re: Authentication

Thanks - a few more

Bruce Lewis wrote:
Quoted text here. Click to load it
I've been running my scripts under `http:/ w/ an
alias removed from the document root. So if I were to create a .htaccess
protected directory, viz. /registered as an example, under the doc root,
each time a registered user attempts to run a script s/he would be
forced to go through an authentication step of inputing their
userid/password pair; [Is my thinking correct?]. I was hoping for
something with a more "persistent of state" attribute.
Quoted text here. Click to load it

Site Timeline