password authentication schemes

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 47064
interpreted = N
texte = My problem is password hackers pounding the server with user/pass pairs and IP spoofing that thwarts NetBarrier. I'm finally fed up with it.I've been using standard browser authentication with a group checker include (has [authenticate] tag and a series of showifs based on a lookup into my siteusers.db -- current, expired, pending, problem, etc.). I want to switch to a form-based login system using session cookies instead, and get away from browser authentication altogether. My thinking is that this would require an actual human touching the keyboard and these nuisance kiddies wouldn't be able to run automated scripts. Maybe I'd include a radio button choice they'd have to click.They would have a login page, then protected pages would still have the groupchecker include, but grabbing their username from [getcookie] instead of [authenticate].Is anyone doing anything like this; is my line of thinking correct, and any caveats before I start making major changes?Anyone else running paysites with similar problems and would like to share concerns, please feel free to email me privately.iMac / Sys 9.2 / Web* 4.5 /WebCat 3Terry------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: password authentication schemes (Jay Van Vark 2003)
  2. Re: password authentication schemes (Donovan 2003)
  3. Re: password authentication schemes (Donovan 2003)
  4. Re: password authentication schemes (Terry Wilson 2003)
  5. Re: password authentication schemes (Kenneth Grome 2003)
  6. Re: password authentication schemes (Jay Van Vark 2003)
  7. Re: password authentication schemes (Kenneth Grome 2003)
  8. Re: password authentication schemes (Jay Van Vark 2003)
  9. Re: password authentication schemes (Bob Minor 2003)
  10. password authentication schemes (Terry Wilson 2003)
My problem is password hackers pounding the server with user/pass pairs and IP spoofing that thwarts NetBarrier. I'm finally fed up with it.I've been using standard browser authentication with a group checker include (has [authenticate] tag and a series of showifs based on a lookup into my siteusers.db -- current, expired, pending, problem, etc.). I want to switch to a form-based login system using session cookies instead, and get away from browser authentication altogether. My thinking is that this would require an actual human touching the keyboard and these nuisance kiddies wouldn't be able to run automated scripts. Maybe I'd include a radio button choice they'd have to click.They would have a login page, then protected pages would still have the groupchecker include, but grabbing their username from [getcookie] instead of [authenticate].Is anyone doing anything like this; is my line of thinking correct, and any caveats before I start making major changes?Anyone else running paysites with similar problems and would like to share concerns, please feel free to email me privately.iMac / Sys 9.2 / Web* 4.5 /WebCat 3Terry------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Terry Wilson

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

[WebDNA] Serial numbers and pricing for WebDNA 7.0 (2011) MacFinder -- a new WebDNA web site (1998) Moment of Thanks (1997) problems with 2 tags (1997) Ken's Data Manager (was dbQuickView 2.0) (2005) Database Field Additions (2000) GuestBook example (1997) WebCatalog/WebMerchant 2.1 (1998) [OT] ODBC between IIS and remote Access problem (2000) ErrorMessages.db suggestion (1997) authenticating a second user (1997) Introduction/Tutorial/QuickStart (1997) shell problems again... (2003) [WebDNA] Crashing again (2008) Another form question (2000) WebCat2b15MacPlugin - showing [math] (1997) Re2: AAgghh!! Help, please. SSL strikes again. (1997) Limiting user access to .tmpl files (1997) Smith Micro - no competition (2000) dynamic giffing. (2000)