Re: [WebDNA] how to clear the [username] and [password] values the browser has stored?

This WebDNA talk-list message is from 2008. It keeps the original formatting.
numero = 101129
interpreted = N
texte = Thanks Terry! That is a nice succinct effective article...

I used cookies for a shopping cart site 10 years ago. We didn't rely on them for critical functions since at that time I remember many people were afraid of them and had them turned off. (Myself just re-entering the coding world again after 7 years off)... I suspect that now stats watchers are saying that mostly cookies can be depended on to work (people rarely disable them nowadays)?

Do you guys store the [username] & [password] in the cookies directly? If so are those passwords encrypted there? Any issues worth mentioning here?

Or are you keeping the architecture basically the same the way we did for [authenticate]/access.db etc (original WebDNA design, see *addendum below), and just using the session cookies to store the fact that they passed the tests on each page?

Can users who are clever inspect their own browser's cookies, hack them, and thus bypass? I am sure you avoided this, I just want to suss out the key points here rather than learning the hard way.

*addendum: (this is an old one before I switched to encrypting passwords)

[showif NotFound=[lookup db=access.db&lookinField=user&value=[uppercase][username][/uppercase]&returnField=user&notFound=NotFound]]
[authenticate user]
[/showif]

[showif [url][uppercase][password][/uppercase][/url]![url][lookup db=access.db&lookinField=user&value=[uppercase][username][/uppercase]&returnField=pass&notFound=NotFound][/url]]
[authenticate pass]
[/showif]

[search db=access.db&wsgroupsdatarq=[uppercase][groups][/uppercase]&equserdatarq=[uppercase][username][/uppercase]&eqpassdatarq=[url][uppercase][password][/uppercase][/url]]
[showif [numFound]=0]
[authenticate Group]
[/showif]
[/search]

Thanks for any thoughts.
-G

On Oct 12, 2008, at 7:12 PM, Terry Wilson wrote:

> I wrote a piece on cookies at the new WebDNA site:
>
> http://www.webdna.us/page.dna?numero=79
>
> Terry
>
>
> On Oct 12, 2008, at 4:47 PM, Govinda wrote:
>
>> Could you give me an outline, in english/pseudo code?
>> And, could you elaborate on "session"?
>> This is not all new to me, but I stand to benefit from (fill out my
>> understanding from) your input.
>>
>> -G
>> On Oct 12, 2008, at 11:06 AM, Bob Minor wrote:
>>
>>> That is really why you don't want to use a realm. Instead when
>>> possible we use cookie/session based controls.
>>>
>>> On Oct 12, 2008, at 11:45 AM, Govinda wrote:
>>>
>>>> Happy sunday all!
>>>>
>>>> I am successfully using [authenticate], conditionals, and a
>>>> custom userGroups.db for protecting secure areas of our site.
>>>> What I am not clear about is how to use WebDNA to clear out the
>>>> values the browser has stored for [username] and [password].
>>>> How do we do that? ....
>>>>

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] how to clear the [username] and [password] values the browser has stored? (Govinda 2008)
  2. Re: [WebDNA] how to clear the [username] and [password] values the browser has stored? (Terry Wilson 2008)
  3. Re: [WebDNA] how to clear the [username] and [password] values the browser has stored? (Govinda 2008)
  4. Re: [WebDNA] how to clear the [username] and [password] values the browser has stored? (Bob Minor 2008)
  5. Re: [WebDNA] how to clear the [username] and [password] values the browser has stored? (Govinda 2008)
  6. Re: [WebDNA] how to clear the [username] and [password] values the browser has stored? (Bob Minor 2008)
  7. [WebDNA] how to clear the [username] and [password] values the browser has stored? (Govinda 2008)
Govinda
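
The message above asks whether a cookie should carry [username] and [password], and whether a user who edits their own cookie can bypass the checks. As an added example (Python, not code from this thread or from WebDNA), the cookie here holds only a random session ID, the password exists only as a salted hash on the server, and logout deletes the server-side record. The names `SessionAuth` and `SESSION_TTL` and the PBKDF2 settings are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 1800  # assumed idle timeout, in seconds


def hash_password(password, salt):
    # Salted, slow hash; the iteration count is an assumed setting.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class SessionAuth:
    """Hypothetical stand-in for access.db plus a server-side session table."""
    def __init__(self):
        self.users = {}     # USERNAME -> (salt, password hash)
        self.sessions = {}  # opaque session id -> (USERNAME, expiry time)

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username.upper()] = (salt, hash_password(password, salt))

    def login(self, username, password):
        """Return the cookie value for a new session, or None on failure."""
        name = username.upper()  # mirrors [uppercase][username][/uppercase]
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        # Hash even for unknown users so both failures cost the same work.
        candidate = hash_password(password, salt)
        if not hmac.compare_digest(candidate, stored):
            return None
        sid = secrets.token_urlsafe(32)  # random, carries no user data
        self.sessions[sid] = (name, time.time() + SESSION_TTL)
        return sid

    def current_user(self, cookie_value):
        """Map a cookie value to a user; edited or expired values get None."""
        entry = self.sessions.get(cookie_value or "")
        if entry is None:
            return None
        name, expiry = entry
        if time.time() > expiry:
            del self.sessions[cookie_value]
            return None
        return name

    def logout(self, cookie_value):
        # Server-side delete: the browser's stored cookie becomes useless.
        self.sessions.pop(cookie_value or "", None)
```

Because the cookie value is only a lookup key, changing it yields an unknown ID rather than a different identity, and the server, not the browser, decides when the login ends.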
