Re: password authentication schemes

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 47066
interpreted = N
texte = There is a forms replacement for Authenticate -- look in your globals directory for AuthenticateChecker.old - remove the .old and restart... All the authenticate dialog will be forms...On 1/22/03 8:29 AM, Terry Wilson wrote:> My problem is password hackers pounding the server with user/pass > pairs and IP spoofing that thwarts NetBarrier. I'm finally fed up > with it. > > I've been using standard browser authentication with a group checker > include (has [authenticate] tag and a series of showifs based on a > lookup into my siteusers.db -- current, expired, pending, problem, > etc.). I want to switch to a form-based login system using session > cookies instead, and get away from browser authentication altogether. > My thinking is that this would require an actual human touching the > keyboard and these nuisance kiddies wouldn't be able to run automated > scripts. Maybe I'd include a radio button choice they'd have to click. > > They would have a login page, then protected pages would still have > the groupchecker include, but grabbing their username from > [getcookie] instead of [authenticate]. > > Is anyone doing anything like this; is my line of thinking correct, > and any caveats before I start making major changes? > > Anyone else running paysites with similar problems and would like to > share concerns, please feel free to email me privately. > > iMac / Sys 9.2 / Web* 4.5 /WebCat 3 > > Terry > Jay Van Vark 'Guiding Positive Change in High-Tech Companies' one box voicemail (866) 248-7670 x 6471 efax (801) 659-7952-- Great tool for advertising bid optimization, check out: http://www.Promote4Less.com------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: password authentication schemes (Jay Van Vark 2003)
  2. Re: password authentication schemes (Donovan 2003)
  3. Re: password authentication schemes (Donovan 2003)
  4. Re: password authentication schemes (Terry Wilson 2003)
  5. Re: password authentication schemes (Kenneth Grome 2003)
  6. Re: password authentication schemes (Jay Van Vark 2003)
  7. Re: password authentication schemes (Kenneth Grome 2003)
  8. Re: password authentication schemes (Jay Van Vark 2003)
  9. Re: password authentication schemes (Bob Minor 2003)
  10. password authentication schemes (Terry Wilson 2003)
There is a forms replacement for Authenticate -- look in your globals directory for AuthenticateChecker.old - remove the .old and restart... All the authenticate dialog will be forms...On 1/22/03 8:29 AM, Terry Wilson wrote:> My problem is password hackers pounding the server with user/pass > pairs and IP spoofing that thwarts NetBarrier. I'm finally fed up > with it. > > I've been using standard browser authentication with a group checker > include (has [authenticate] tag and a series of showifs based on a > lookup into my siteusers.db -- current, expired, pending, problem, > etc.). I want to switch to a form-based login system using session > cookies instead, and get away from browser authentication altogether. > My thinking is that this would require an actual human touching the > keyboard and these nuisance kiddies wouldn't be able to run automated > scripts. Maybe I'd include a radio button choice they'd have to click. > > They would have a login page, then protected pages would still have > the groupchecker include, but grabbing their username from > [getcookie] instead of [authenticate]. > > Is anyone doing anything like this; is my line of thinking correct, > and any caveats before I start making major changes? > > Anyone else running paysites with similar problems and would like to > share concerns, please feel free to email me privately. > > iMac / Sys 9.2 / Web* 4.5 /WebCat 3 > > Terry > Jay Van Vark 'Guiding Positive Change in High-Tech Companies' one box voicemail (866) 248-7670 x 6471 efax (801) 659-7952-- Great tool for advertising bid optimization, check out: http://www.Promote4Less.com------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Jay Van Vark

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

4.5 Upgrade (2003) [showif]'s inside [search] params? (2000) WebCommerce: Folder organization ? (1997) Image download problem (2001) POSTing to a secure server ... (2000) Problems getting parameters passed into email. (1997) WebCat2 - [format thousands] (1997) WebCAT has the devil in it! (2003) Purchase Plugin Missing (1996) Hard Questions ? (1997) WebCatalog/Mac 2.1b2 New Features (1997) problems with WebCat-Plugin () WebCat2 beta 11 - new prefs ... (1997) Updating Prices in Online Database (1999) Re1000001: Setting up shop (1997) autosensing lanague selection (1997) WebDNA Solutions ... (1997) BGcolor (1997) too many nested tags ... (1997) OK, here goes... (1997)