Re: Q on the best way to set up a security function so users can edit records

This WebDNA talk-list message is from 1999. It keeps the original formatting.
numero = 23725
interpreted = N
texte = Thank you for the reply, I need a little help in clarifying some things.

>Use the built-in [protect] tag, and use the built-in admin pages to create
>your users and passwords. Use groups (just an arbitrary string of text) to
>manage access for each of your users. Users can belong to multiple groups,
>so it's easy to let them into different parts of the site.

Ok, so the user 'registers' in the users.db. Then I have that information available to me during this session by using the [username] and [password] contexts. So, in order for the user to create a new record in my (other) database(s), I would be able to populate the username and password field automatically. I would also add them to the proper group so the 'add' link wouldn't even display unless they had 'logged in'.

Also, once a user has logged in, I could use a [showif [username]=[user]]edit this link[/showif] (I get the [user] from the record being viewed)

And I would do the same thing for each database. Correct?

When the user initially logs in, I would need to check their selected username against the database to make sure it is unique, or can I use their email address as the username? I ask as I recently switched from a user selected username to making them use their email address as that is unique and they then select their own password. Since I already have a database with username (email address) and password information, is there an easy way to import this data into the users.db? Especially since the passwords are encrypted?

So,

users.db - store email address (username), password and groups
require 'logging in' in order to add, update, delete records
once logged in, use the [username] and [password] contexts to verify/track who they are.

I guess the final question, is there anything I need to watch out for in order for my users to register themselves in the users.db?

Thanks!

>Once someone has entered a proper username/password, you can get at their
>username on any subsequent page *without* having to explicitly propagate it
>(cart=[cart] is an example of explicit propagation). Just use [username]
>anywhere you need it.
>
>[protect admin] - only *you* can view this page
>[protect admin,ShoeVendors] - both you and people in 'ShoeVendors' group
>can view this page
>[protect ShoeVendors] - not even *you* can view this page, but ShoeVendors
>can
>
>Use [username] instead of sku as your key for identifying records that
>individual people add
>
>>I would like to create a single 'members' database in order to allow my
>>users to manage the records they have entered. The database would have
>>fields for email, password, username (for chat / forums postings) and SKU
>>(a unique number). The sku would be the key that is included in each
>>record they add to any of the databases.
>>
>>Currently they would possibly be registering in order to join my chat /
>>or post in the forums, add links to my links database and two other
>>informational databases.
>>
>>Once I have this 'sku', how do I make sure this data is passed around as
>>needed? I want to make sure I keep track of this info as they move around
>>the site so they only have to log in once. From a security standpoint I
>>shouldn't pass this info in the URL, so how do I make sure I track this.
>>Would using a cookie be the best way to do this?
>>
>>Or should I be looking into somehow using the users.db for this? I also
>>have a few users that will need to edit other databases that I am quite
>>concerned about security and it appears that the [protect] context would
>>be helpful there. I just want to make it as easy for my users as possible.
>
>Technical Support | ==== eCommerce and Beyond ====
>Pacific Coast Software | WebCatalog, WebMerchant,
>11770 Bernardo Plaza Court | SiteEdit Pro, PhotoMaster,
>San Diego, CA 92128 | Typhoon
>619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: Q on the best way to set up a security function so users can edit records (webcat 1999)
  2. Q on the best way to set up a security function so users can edit records (webcat 1999)
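
Added example, not part of the original messages and not WebDNA code: a Python model of the rules discussed in the thread, covering the three [protect] cases from the quoted reply and record ownership keyed on the username. The class and function names, the 'members' group and the sample users are assumptions made for illustration; the model also repeats the ownership check when an update is submitted, because hiding the edit link only controls what is displayed.

```python
# Added example: a model of the thread's access rules, not WebDNA code.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    username: str            # the thread proposes the e-mail address
    groups: frozenset = frozenset()


def protect(user, allowed):
    """Model of [protect a,b]: pass only if the user is in a listed group."""
    wanted = {g.strip() for g in allowed.split(",") if g.strip()}
    return user is not None and bool(wanted & user.groups)


class RecordStore:
    """Records keyed by id; each row remembers the username that added it."""

    def __init__(self, add_group):
        self.add_group = add_group
        self.rows = {}

    def add(self, user, fields):
        if not protect(user, self.add_group):
            raise PermissionError("not logged in or not in the add group")
        row = dict(fields)
        row["user"] = user.username   # owner comes from the login, never the form
        rec_id = len(self.rows) + 1
        self.rows[rec_id] = row
        return rec_id

    def can_edit(self, user, rec_id):
        """Same comparison used to show the edit link: username == owner."""
        row = self.rows.get(rec_id)
        return user is not None and row is not None and row["user"] == user.username

    def update(self, user, rec_id, fields):
        # Re-check on the write itself; hiding the link is only presentation.
        if not self.can_edit(user, rec_id):
            raise PermissionError("record belongs to another user")
        changes = {k: v for k, v in fields.items() if k != "user"}
        self.rows[rec_id].update(changes)
        return self.rows[rec_id]


# Constructed sample users (group names 'admin' and 'ShoeVendors' are from the reply).
ADMIN = User("admin@example.com", frozenset({"admin"}))
VENDOR = User("vendor@example.com", frozenset({"ShoeVendors", "members"}))
MEMBER = User("member@example.com", frozenset({"members"}))
```
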
