Re: password authentication schemes

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 47066
interpreted = N
texte = There is a forms replacement for Authenticate -- look in your globals directory for AuthenticateChecker.old - remove the .old and restart... All the authenticate dialog will be forms...On 1/22/03 8:29 AM, Terry Wilson wrote:> My problem is password hackers pounding the server with user/pass > pairs and IP spoofing that thwarts NetBarrier. I'm finally fed up > with it. > > I've been using standard browser authentication with a group checker > include (has [authenticate] tag and a series of showifs based on a > lookup into my siteusers.db -- current, expired, pending, problem, > etc.). I want to switch to a form-based login system using session > cookies instead, and get away from browser authentication altogether. > My thinking is that this would require an actual human touching the > keyboard and these nuisance kiddies wouldn't be able to run automated > scripts. Maybe I'd include a radio button choice they'd have to click. > > They would have a login page, then protected pages would still have > the groupchecker include, but grabbing their username from > [getcookie] instead of [authenticate]. > > Is anyone doing anything like this; is my line of thinking correct, > and any caveats before I start making major changes? > > Anyone else running paysites with similar problems and would like to > share concerns, please feel free to email me privately. > > iMac / Sys 9.2 / Web* 4.5 /WebCat 3 > > Terry > Jay Van Vark 'Guiding Positive Change in High-Tech Companies' one box voicemail (866) 248-7670 x 6471 efax (801) 659-7952-- Great tool for advertising bid optimization, check out: http://www.Promote4Less.com------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: password authentication schemes (Jay Van Vark 2003)
  2. Re: password authentication schemes (Donovan 2003)
  3. Re: password authentication schemes (Donovan 2003)
  4. Re: password authentication schemes (Terry Wilson 2003)
  5. Re: password authentication schemes (Kenneth Grome 2003)
  6. Re: password authentication schemes (Jay Van Vark 2003)
  7. Re: password authentication schemes (Kenneth Grome 2003)
  8. Re: password authentication schemes (Jay Van Vark 2003)
  9. Re: password authentication schemes (Bob Minor 2003)
  10. password authentication schemes (Terry Wilson 2003)
There is a forms replacement for Authenticate -- look in your globals directory for AuthenticateChecker.old - remove the .old and restart... All the authenticate dialog will be forms...On 1/22/03 8:29 AM, Terry Wilson wrote:> My problem is password hackers pounding the server with user/pass > pairs and IP spoofing that thwarts NetBarrier. I'm finally fed up > with it. > > I've been using standard browser authentication with a group checker > include (has [authenticate] tag and a series of showifs based on a > lookup into my siteusers.db -- current, expired, pending, problem, > etc.). I want to switch to a form-based login system using session > cookies instead, and get away from browser authentication altogether. > My thinking is that this would require an actual human touching the > keyboard and these nuisance kiddies wouldn't be able to run automated > scripts. Maybe I'd include a radio button choice they'd have to click. > > They would have a login page, then protected pages would still have > the groupchecker include, but grabbing their username from > [getcookie] instead of [authenticate]. > > Is anyone doing anything like this; is my line of thinking correct, > and any caveats before I start making major changes? > > Anyone else running paysites with similar problems and would like to > share concerns, please feel free to email me privately. > > iMac / Sys 9.2 / Web* 4.5 /WebCat 3 > > Terry > Jay Van Vark 'Guiding Positive Change in High-Tech Companies' one box voicemail (866) 248-7670 x 6471 efax (801) 659-7952-- Great tool for advertising bid optimization, check out: http://www.Promote4Less.com------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Jay Van Vark

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

The beginning (1997) [WebDNA] Sorry WebDNA not running message (2019) in conversions.db crashes unix webcat (1999) RH 8.0 (2002) Bit off subject -- Faxing orders (1997) Error with [applescript] (1999) Multi-Row Tables from a search. (1997) Need Sample Template - just purchased (1997) Only charge card when product shipped ? (1997) Banners (1997) Nested vs conditional (1997) WebCat2b13MacPlugIn - [showif][search][/showif] (1997) taxrate - off by 1 cent (1997) Line Endings (2003) WebDNA 4.5.1 Now Available (2003) WCS Newbie question (1997) GuestBook example (1997) StoreBuilder ADD 2 CART redirects to default.tpl - PLEASESTOP THIS! (2002) Can WC remember people? (1998) WebCat2 Append problem (B14Macacgi) (1997)