Re: password authentication schemes

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 47066
interpreted = N
texte = There is a forms replacement for Authenticate -- look in your globals directory for AuthenticateChecker.old - remove the .old and restart... All the authenticate dialog will be forms...On 1/22/03 8:29 AM, Terry Wilson wrote:> My problem is password hackers pounding the server with user/pass > pairs and IP spoofing that thwarts NetBarrier. I'm finally fed up > with it. > > I've been using standard browser authentication with a group checker > include (has [authenticate] tag and a series of showifs based on a > lookup into my siteusers.db -- current, expired, pending, problem, > etc.). I want to switch to a form-based login system using session > cookies instead, and get away from browser authentication altogether. > My thinking is that this would require an actual human touching the > keyboard and these nuisance kiddies wouldn't be able to run automated > scripts. Maybe I'd include a radio button choice they'd have to click. > > They would have a login page, then protected pages would still have > the groupchecker include, but grabbing their username from > [getcookie] instead of [authenticate]. > > Is anyone doing anything like this; is my line of thinking correct, > and any caveats before I start making major changes? > > Anyone else running paysites with similar problems and would like to > share concerns, please feel free to email me privately. > > iMac / Sys 9.2 / Web* 4.5 /WebCat 3 > > Terry > Jay Van Vark 'Guiding Positive Change in High-Tech Companies' one box voicemail (866) 248-7670 x 6471 efax (801) 659-7952-- Great tool for advertising bid optimization, check out: http://www.Promote4Less.com------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: password authentication schemes (Jay Van Vark 2003)
  2. Re: password authentication schemes (Donovan 2003)
  3. Re: password authentication schemes (Donovan 2003)
  4. Re: password authentication schemes (Terry Wilson 2003)
  5. Re: password authentication schemes (Kenneth Grome 2003)
  6. Re: password authentication schemes (Jay Van Vark 2003)
  7. Re: password authentication schemes (Kenneth Grome 2003)
  8. Re: password authentication schemes (Jay Van Vark 2003)
  9. Re: password authentication schemes (Bob Minor 2003)
  10. password authentication schemes (Terry Wilson 2003)
There is a forms replacement for Authenticate -- look in your globals directory for AuthenticateChecker.old - remove the .old and restart... All the authenticate dialog will be forms...On 1/22/03 8:29 AM, Terry Wilson wrote:> My problem is password hackers pounding the server with user/pass > pairs and IP spoofing that thwarts NetBarrier. I'm finally fed up > with it. > > I've been using standard browser authentication with a group checker > include (has [authenticate] tag and a series of showifs based on a > lookup into my siteusers.db -- current, expired, pending, problem, > etc.). I want to switch to a form-based login system using session > cookies instead, and get away from browser authentication altogether. > My thinking is that this would require an actual human touching the > keyboard and these nuisance kiddies wouldn't be able to run automated > scripts. Maybe I'd include a radio button choice they'd have to click. > > They would have a login page, then protected pages would still have > the groupchecker include, but grabbing their username from > [getcookie] instead of [authenticate]. > > Is anyone doing anything like this; is my line of thinking correct, > and any caveats before I start making major changes? > > Anyone else running paysites with similar problems and would like to > share concerns, please feel free to email me privately. > > iMac / Sys 9.2 / Web* 4.5 /WebCat 3 > > Terry > Jay Van Vark 'Guiding Positive Change in High-Tech Companies' one box voicemail (866) 248-7670 x 6471 efax (801) 659-7952-- Great tool for advertising bid optimization, check out: http://www.Promote4Less.com------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Jay Van Vark

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebDNA for Dummies (2004) [WebDNA] How does WebMerchant ... (2015) Message Board (2001) RE: Last desperate attempt (1998) Problem (1997) WebCat2b15MacPlugin - [protect] (1997) WebCatalog 2.1b3 - Plugin or cgi ? (1997) Buying sans cart (1997) alternate location for cookies (2001) Help name our technology! (1997) upgrading (1997) WebCat2 Append problem (B14Macacgi) (1997) Problem with empty form-variables in [search] (1998) Emailer port change (1997) Re:quit command on NT (1997) I don't think my install worked (2003) Talk List Suggestions (1997) Extended [ConvertChars] (1997) [WebDNA] incomplete redirect tag (2009) Internet Explorer and caching (2000)