Re: password authentication schemes

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 47066
interpreted = N
texte = There is a forms replacement for Authenticate -- look in your globals directory for AuthenticateChecker.old - remove the .old and restart... All the authenticate dialog will be forms...On 1/22/03 8:29 AM, Terry Wilson wrote:> My problem is password hackers pounding the server with user/pass > pairs and IP spoofing that thwarts NetBarrier. I'm finally fed up > with it. > > I've been using standard browser authentication with a group checker > include (has [authenticate] tag and a series of showifs based on a > lookup into my siteusers.db -- current, expired, pending, problem, > etc.). I want to switch to a form-based login system using session > cookies instead, and get away from browser authentication altogether. > My thinking is that this would require an actual human touching the > keyboard and these nuisance kiddies wouldn't be able to run automated > scripts. Maybe I'd include a radio button choice they'd have to click. > > They would have a login page, then protected pages would still have > the groupchecker include, but grabbing their username from > [getcookie] instead of [authenticate]. > > Is anyone doing anything like this; is my line of thinking correct, > and any caveats before I start making major changes? > > Anyone else running paysites with similar problems and would like to > share concerns, please feel free to email me privately. > > iMac / Sys 9.2 / Web* 4.5 /WebCat 3 > > Terry > Jay Van Vark 'Guiding Positive Change in High-Tech Companies' one box voicemail (866) 248-7670 x 6471 efax (801) 659-7952-- Great tool for advertising bid optimization, check out: http://www.Promote4Less.com------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: password authentication schemes (Jay Van Vark 2003)
  2. Re: password authentication schemes (Donovan 2003)
  3. Re: password authentication schemes (Donovan 2003)
  4. Re: password authentication schemes (Terry Wilson 2003)
  5. Re: password authentication schemes (Kenneth Grome 2003)
  6. Re: password authentication schemes (Jay Van Vark 2003)
  7. Re: password authentication schemes (Kenneth Grome 2003)
  8. Re: password authentication schemes (Jay Van Vark 2003)
  9. Re: password authentication schemes (Bob Minor 2003)
  10. password authentication schemes (Terry Wilson 2003)
There is a forms replacement for Authenticate -- look in your globals directory for AuthenticateChecker.old - remove the .old and restart... All the authenticate dialog will be forms...On 1/22/03 8:29 AM, Terry Wilson wrote:> My problem is password hackers pounding the server with user/pass > pairs and IP spoofing that thwarts NetBarrier. I'm finally fed up > with it. > > I've been using standard browser authentication with a group checker > include (has [authenticate] tag and a series of showifs based on a > lookup into my siteusers.db -- current, expired, pending, problem, > etc.). I want to switch to a form-based login system using session > cookies instead, and get away from browser authentication altogether. > My thinking is that this would require an actual human touching the > keyboard and these nuisance kiddies wouldn't be able to run automated > scripts. Maybe I'd include a radio button choice they'd have to click. > > They would have a login page, then protected pages would still have > the groupchecker include, but grabbing their username from > [getcookie] instead of [authenticate]. > > Is anyone doing anything like this; is my line of thinking correct, > and any caveats before I start making major changes? > > Anyone else running paysites with similar problems and would like to > share concerns, please feel free to email me privately. > > iMac / Sys 9.2 / Web* 4.5 /WebCat 3 > > Terry > Jay Van Vark 'Guiding Positive Change in High-Tech Companies' one box voicemail (866) 248-7670 x 6471 efax (801) 659-7952-- Great tool for advertising bid optimization, check out: http://www.Promote4Less.com------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Jay Van Vark

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Shipping.db (1998) # of real domains on 1 web server (1997) Was: WebDNA 5.2, Now version 6.0 (2004) Dismissing dialogs (was 2.1b3 --> way slow) (1997) Exclamation point (1997) Update quantity (2000) GrandTotal not right (1997) Need help... (1997) California Tax Rates (1998) Today's suggestions (1998) How far do [showif]s go? (1997) Looking up two prices in Formulas.db (1997) Help name our technology! I found it (1997) WebCat2b13MacPlugIn - [showif][search][/showif] (1997) Rendering out a page-test results (1997) Admin Edit prob. (1997) Sku numbers (1997) Hard Questions ? (1997) Bit off subject -- Faxing orders (1997) Subcription Sales w/WebCatalog (1999)