Re: password authentication schemes

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 47066
interpreted = N
texte = There is a forms replacement for Authenticate -- look in your globals directory for AuthenticateChecker.old - remove the .old and restart... All the authenticate dialog will be forms...On 1/22/03 8:29 AM, Terry Wilson wrote:> My problem is password hackers pounding the server with user/pass > pairs and IP spoofing that thwarts NetBarrier. I'm finally fed up > with it. > > I've been using standard browser authentication with a group checker > include (has [authenticate] tag and a series of showifs based on a > lookup into my siteusers.db -- current, expired, pending, problem, > etc.). I want to switch to a form-based login system using session > cookies instead, and get away from browser authentication altogether. > My thinking is that this would require an actual human touching the > keyboard and these nuisance kiddies wouldn't be able to run automated > scripts. Maybe I'd include a radio button choice they'd have to click. > > They would have a login page, then protected pages would still have > the groupchecker include, but grabbing their username from > [getcookie] instead of [authenticate]. > > Is anyone doing anything like this; is my line of thinking correct, > and any caveats before I start making major changes? > > Anyone else running paysites with similar problems and would like to > share concerns, please feel free to email me privately. > > iMac / Sys 9.2 / Web* 4.5 /WebCat 3 > > Terry > Jay Van Vark 'Guiding Positive Change in High-Tech Companies' one box voicemail (866) 248-7670 x 6471 efax (801) 659-7952-- Great tool for advertising bid optimization, check out: http://www.Promote4Less.com------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: password authentication schemes (Jay Van Vark 2003)
  2. Re: password authentication schemes (Donovan 2003)
  3. Re: password authentication schemes (Donovan 2003)
  4. Re: password authentication schemes (Terry Wilson 2003)
  5. Re: password authentication schemes (Kenneth Grome 2003)
  6. Re: password authentication schemes (Jay Van Vark 2003)
  7. Re: password authentication schemes (Kenneth Grome 2003)
  8. Re: password authentication schemes (Jay Van Vark 2003)
  9. Re: password authentication schemes (Bob Minor 2003)
  10. password authentication schemes (Terry Wilson 2003)
There is a forms replacement for Authenticate -- look in your globals directory for AuthenticateChecker.old - remove the .old and restart... All the authenticate dialog will be forms...On 1/22/03 8:29 AM, Terry Wilson wrote:> My problem is password hackers pounding the server with user/pass > pairs and IP spoofing that thwarts NetBarrier. I'm finally fed up > with it. > > I've been using standard browser authentication with a group checker > include (has [authenticate] tag and a series of showifs based on a > lookup into my siteusers.db -- current, expired, pending, problem, > etc.). I want to switch to a form-based login system using session > cookies instead, and get away from browser authentication altogether. > My thinking is that this would require an actual human touching the > keyboard and these nuisance kiddies wouldn't be able to run automated > scripts. Maybe I'd include a radio button choice they'd have to click. > > They would have a login page, then protected pages would still have > the groupchecker include, but grabbing their username from > [getcookie] instead of [authenticate]. > > Is anyone doing anything like this; is my line of thinking correct, > and any caveats before I start making major changes? > > Anyone else running paysites with similar problems and would like to > share concerns, please feel free to email me privately. > > iMac / Sys 9.2 / Web* 4.5 /WebCat 3 > > Terry > Jay Van Vark 'Guiding Positive Change in High-Tech Companies' one box voicemail (866) 248-7670 x 6471 efax (801) 659-7952-- Great tool for advertising bid optimization, check out: http://www.Promote4Less.com------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Jay Van Vark

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Bug Report, maybe (1997) page redirect in webDNA (1997) WebCatalog2 Feature Feedback (1996) carriage returns in data (1997) Instructions for Digest (1997) What am I missing (1997) [OT] SSL security in browser (2005) Date Sorting (1997) turning every 5th line red (1999) Nesting format tags (1997) showif with math? (2000) WebCat and image maps (1997) server 2003 weirdness (2004) WebCatalog 4.0.2b5 available (2000) Invisible file issue now a real 'bug' (1999) [OT] DOD again (2003) Summary search -- speed (1997) WCf2 and nested tags (1997) Search 1 Field Twice? (2004) Random Number Generator works for Ranges of Numbers (1997)