Passing variables to Realm Authentication - WebStar

This WebDNA talk-list message is from

1998


It keeps the original formatting.
numero = 21857
interpreted = N
texte = Here is a good one... for WebStar/WebCat developersOur dilemma:Customer requires a customized authentication scheme based on a security database for access to pages where we can add records, search files, and access a page where downloadable files are listed.There are components of this process that require us to check for the last date modified of the password and run a routine to update the password, check for payment of dues, and check for the existance of messages to a client based on their username/password combination.THIS PART IS NOT A PROBLEM, and we have developed a slick bit of code to accomplish all these functions, and more, which bring a very wide array of security and interactive features to the login area.We currently use REALM security on the folder where the secure data resides. We will have to disable REALM security for our authentication scheme above to work; our implementation takes this into consideration. Any user coming into any page from any direction will confront the security procedure which stays active while they are within the site.This works as long as the user accesses a PAGE in the system. But if they access a text file directly, knowing in advance the path, we lose that security control.EXCEPT - those files that are .txt files we can develop a process to place the security scheme at the front of these files. Tested it, and it works. So far, everything is OK.PROBLEM:One of the files (and arguably the most-often used one) is compressed (Zip format); accessible as a link off of the download page, as well as of course by someone directly typing in the URL. We cannot place the security scheme in front of this file because the file is never loaded in the browser.QUESTION:Can values collected in a form with a POST argument, or passed from a URL, be made available to WebStar's REALM authentication capabilities.or put another way:Can we invoke REALM security on a directory, pass the security parameters in a URL from a page outside of that directory to allow access to the files within the secure realm directory (because security was already handled on the page where the link exists), but so that anyone typing in the pathname to the file directly (the ZIP file in this case) would confront the REALM security dialog box.Some of the reasons behind all this are not relevant to the discussion; they are customer requirements based on the absolute security of this data to a limited user group. The technical abilities of the user group are also limited.We could just invoke REALM security for any access to downloads, but one of the deliverables is to not have to maintain separate password lists.======================================================================== Hewitt Consulting... Business Internet Solutions ======================================================================== www.hewittco.com Larry Hewitt larryh@hewittco.com Hewitt Consulting voice: 360/740-1090 Managing Partner cell: 360/508-6014 fax: 360/740-0998 Associated Messages, from the most recent to the oldest:

    
  1. Re: Passing variables to Realm Authentication - WebStar (Mike Davis 1998)
  2. Passing variables to Realm Authentication - WebStar (Larry Hewitt 1998)
Here is a good one... for WebStar/WebCat developersOur dilemma:Customer requires a customized authentication scheme based on a security database for access to pages where we can add records, search files, and access a page where downloadable files are listed.There are components of this process that require us to check for the last date modified of the password and run a routine to update the password, check for payment of dues, and check for the existance of messages to a client based on their username/password combination.THIS PART IS NOT A PROBLEM, and we have developed a slick bit of code to accomplish all these functions, and more, which bring a very wide array of security and interactive features to the login area.We currently use REALM security on the folder where the secure data resides. We will have to disable REALM security for our authentication scheme above to work; our implementation takes this into consideration. Any user coming into any page from any direction will confront the security procedure which stays active while they are within the site.This works as long as the user accesses a PAGE in the system. But if they access a text file directly, knowing in advance the path, we lose that security control.EXCEPT - those files that are .txt files we can develop a process to place the security scheme at the front of these files. Tested it, and it works. So far, everything is OK.PROBLEM:One of the files (and arguably the most-often used one) is compressed (Zip format); accessible as a link off of the download page, as well as of course by someone directly typing in the URL. We cannot place the security scheme in front of this file because the file is never loaded in the browser.QUESTION:Can values collected in a form with a POST argument, or passed from a URL, be made available to WebStar's REALM authentication capabilities.or put another way:Can we invoke REALM security on a directory, pass the security parameters in a URL from a page outside of that directory to allow access to the files within the secure realm directory (because security was already handled on the page where the link exists), but so that anyone typing in the pathname to the file directly (the ZIP file in this case) would confront the REALM security dialog box.Some of the reasons behind all this are not relevant to the discussion; they are customer requirements based on the absolute security of this data to a limited user group. The technical abilities of the user group are also limited.We could just invoke REALM security for any access to downloads, but one of the deliverables is to not have to maintain separate password lists.======================================================================== Hewitt Consulting... Business Internet Solutions ======================================================================== www.hewittco.com Larry Hewitt larryh@hewittco.com Hewitt Consulting voice: 360/740-1090 Managing Partner cell: 360/508-6014 fax: 360/740-0998 Larry Hewitt

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebDNA dying or ... ? (2005) OFF TOPIC: help wanted (1997) WebCat2b13MacPlugIn - More limits on [include] (1997) ShowIf & HideIf Question? (1998) WebDNA 6 (2004) WebCat2.0 [format thousands .0f] no go (1997) Lots of bounce errors (2007) Signal Raised Error (Part III) (1997) Template Cache problem (2000) Can I invoke an ssi plugin from within a webcat page (1997) question: webmerchant connection (1997) [url] (1997) Ampersand Searching (2000) Multiple Pulldowns (1997) Return records from another (1997) Review comparison by PC Magazine: Open for On-line Business (1997) Web Catalog Instability (2000) Applescript in Webcatalog problem (1997) New to WebCat, Help. (1998) Bug Report, maybe (1997)