Re: Q on the best way to set up a security function so users canedit records

This WebDNA talk-list message is from

1999


It keeps the original formatting.
numero = 23716
interpreted = N
texte = Use the built-in [protect] tag, and use the built-in admin pages to create your users and passwords. Use groups (just an arbitrary string of text) to manage access for each of your users. Users can belong to multiple groups, so it's easy to let them into different parts of the site.Once someone has entered a proper username/password, you can get at their username on any subsequent page *without* having to explicitly propagate it (cart=[cart] is an example of explicit propagation). Just use [username] anywhere you need it.[protect admin] - only *you* can view this page [protect admin,ShoeVendors] - both you and people in 'ShoeVendors' group can view this page [protect ShoeVendors] - not even *you* can view this page, but ShoeVendors canUse [username] instead of sku as your key for identifying records that individual people add>I would like to create a single 'members' database in order allow my >users to manage the records they have entered. The database would have >fields for email, password, username (for chat / forums postings) and SKU >(a unique number). The sku would be the key that is included in each >record they add to any of the databases. > >Currently they would possibly be resgistering in order to join my chat / >or post in the forums, add links to my links database and two other >informational databases. > >Once I have this 'sku', how do I make sure this data is passed around as >needed? I want to make sure I keep track of this info as they move around >the site so they only have to log in once. From a security standpoint I >shouldn't pass this info in the URL, so how do I make sure I track this. >Would using a cookie be the best way to do this? > >Or should I be looking into soome how using the users.db for this? I also >have a few users that will need to edit other databases that I am quite >concerned about security and it appears that the [protect] context would >be helpful there. I just want to make it as easy for my users as possible.Technical Support | ==== eCommerce and Beyond ==== Pacific Coast Software | WebCatalog, WebMerchant, 11770 Bernardo Plaza Court | SiteEdit Pro, PhotoMaster, San Diego, CA 92128 | Typhoon 619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Q on the best way to set up a security function so users canedit records (Charles Kefauver 1999)
  2. Re: Q on the best way to set up a security function so users canedit records (PCS Technical Support 1999)
Use the built-in [protect] tag, and use the built-in admin pages to create your users and passwords. Use groups (just an arbitrary string of text) to manage access for each of your users. Users can belong to multiple groups, so it's easy to let them into different parts of the site.Once someone has entered a proper username/password, you can get at their username on any subsequent page *without* having to explicitly propagate it (cart=[cart] is an example of explicit propagation). Just use [username] anywhere you need it.[protect admin] - only *you* can view this page [protect admin,ShoeVendors] - both you and people in 'ShoeVendors' group can view this page [protect ShoeVendors] - not even *you* can view this page, but ShoeVendors canUse [username] instead of sku as your key for identifying records that individual people add>I would like to create a single 'members' database in order allow my >users to manage the records they have entered. The database would have >fields for email, password, username (for chat / forums postings) and SKU >(a unique number). The sku would be the key that is included in each >record they add to any of the databases. > >Currently they would possibly be resgistering in order to join my chat / >or post in the forums, add links to my links database and two other >informational databases. > >Once I have this 'sku', how do I make sure this data is passed around as >needed? I want to make sure I keep track of this info as they move around >the site so they only have to log in once. From a security standpoint I >shouldn't pass this info in the URL, so how do I make sure I track this. >Would using a cookie be the best way to do this? > >Or should I be looking into soome how using the users.db for this? I also >have a few users that will need to edit other databases that I am quite >concerned about security and it appears that the [protect] context would >be helpful there. I just want to make it as easy for my users as possible.Technical Support | ==== eCommerce and Beyond ==== Pacific Coast Software | WebCatalog, WebMerchant, 11770 Bernardo Plaza Court | SiteEdit Pro, PhotoMaster, San Diego, CA 92128 | Typhoon 619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com/ PCS Technical Support

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Include a big block of text (1997) Only charge card when product shipped ? (1997) [WebDNA] OS X mail server (2009) More questions about serial number dishing (1997) WebCat2.0 [format thousands .0f] no go (1997) [SearchString] usage (1997) fun with shell scripting (2003) [OT] Mom's gift (2006) Re:no [search] with NT (1997) What if SSL server down? MAC (1997) [WebDNA] [lookup returning nothing at all.. not even the notfound param. (2010) Re:2nd WebCatalog2 Feature Request (1996) WebCat, sudo and ImageMagick (2002) New site announcement + Showing once on a founditems (1997) Migrating to NT (1997) Traffic - FYI (2003) & in Lookups (1997) What am I missing (1997) [format 40s]text[/format] doesn't work (1997) Purchase Plugin Missing (1996)