[no subject]
- <li><em>date</em>: Tue Mar 16 16:51:35 2004</li>
- <li><em>from</em>: jsheets at yahoo.com (Jerald Sheets)</li>
- <li><em>in-reply-to</em>: <<a href="msg00597.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] User authentication in web app</li>
Your "From" in the header is showing up as "".
You might want to put your proper name in the "From"
designation in Pine (or Outlook, or OE, etc. etc.)
--js
--- <mainwizard at vei.net> wrote:
>
> The correct way is to match the username
>
> select * from users where USERNAME = 'value';
>
> And if you get a match you then check that the
> password for that user matches the password
> supplied.
>
> ed.
>
> ----- Original Message -----
> From: Chris Fowler
> Sent: 3/16/2004 7:47:20 AM
> To: ajug-members at ajug.org;ale at ale.org
> Subject: [ale] User authentication in web app
>
> > I'm trying to determine the best way to do user auth in a web
> > application. I've not done this yet inside of servlets. I've done it
> > within our CGI programs that were all written in C.
> >
> > In the past all users were stored in our special password system. This
> > was on an embedded machine. I used getpwnam() to get user data and then
> > I would get ACL data. That is just the details. To track users I would
> > auth their password against the one in the passwd system using one way
> > encryption. I then took the one way encrypted string and added it to a
> > cookie. The cookie data was 128-bit encrypted. Every time the user
> > would access a page I would then re-authenticate them with that one way
> > encrypted password that they entered on the login page. If there was no
> > match then I would redirect them to the login page. The reason I did
> > this was in the condition that the administrator changed their password
> > or rights in between pages. This was the only way I could think of how
> > to guarantee they had privs to the site.
> >
> > I want to do a similar thing in the webapp. I plan on using a table in
> > our database to store user accounts for the application. So during the
> > login phase I'll get their password and do a select on that table. I
> > could simply use the password() function in mysql like this:
> >
> > select * from users where PASSWORD like PASSWORD('value');
> >
> > If I get a row then obviously the password matched. Is this the correct
> > thing to do?
> >
> > Next question I have is on session tracking. I can then use the servlet
> > session API and then add this encrypted string to the cookie. Every
> > time the user accesses a page I can then do this:
> >
> > select * from users where PASSWORD like PASSWORD('value');
> >
> > If I get a match then I know the user is good. Otherwise I need to
> > redirect them to the login servlet.
> >
> > This is the only way I can guarantee they have access between each page.
> >
> > Is my solution a good solution or does it provide too much overhead? I
> > want to keep good track of users and make sure there are no loopholes
> > in the security system.
> >
> > Thanks,
> > Chris
</pre>
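An added example, not part of the original thread: the username-first lookup suggested in the quoted reply, combined with a random server-side session token that is re-checked on every request, so that an administrator's password change or account disable takes effect between pages. Python's sqlite3 stands in for the MySQL users table; the column names, the in-memory session store and the sample account are assumptions.

```python
import hashlib, hmac, os, secrets, sqlite3

# sqlite3 stands in for the MySQL "users" table in the thread (assumption);
# the column names and the in-memory session store are hypothetical.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, "
           "pwhash BLOB, enabled INTEGER, cred_version INTEGER)")
sessions = {}  # token -> (username, cred_version at login), kept server-side

def pw_hash(password, salt):
    # Salted, deliberately slow hash; iteration count picked for the example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def set_password(username, password):
    # Create the account or change its password; a change bumps cred_version.
    salt = os.urandom(16)
    digest = pw_hash(password, salt)
    cur = db.execute("UPDATE users SET salt=?, pwhash=?, "
                     "cred_version=cred_version+1 WHERE username=?",
                     (salt, digest, username))
    if cur.rowcount == 0:
        db.execute("INSERT INTO users VALUES (?,?,?,1,1)", (username, salt, digest))

def login(username, password):
    # Select the row by username (bound parameter), then check the password.
    row = db.execute("SELECT salt, pwhash, enabled, cred_version FROM users "
                     "WHERE username=?", (username,)).fetchone()
    # Unknown user: still run the hash so both paths cost about the same.
    salt, stored, enabled, version = row or (b"\0" * 16, b"", 0, 0)
    ok = hmac.compare_digest(stored, pw_hash(password, salt))
    if not (row and enabled and ok):
        return None
    token = secrets.token_urlsafe(32)  # cookie value: random, not password-derived
    sessions[token] = (username, version)
    return token

def check_session(token):
    # Run on every request: valid only while the account is still enabled and
    # its password has not changed since this session logged in.
    username, version = sessions.get(token, (None, None))
    row = db.execute("SELECT enabled, cred_version FROM users WHERE username=?",
                     (username,)).fetchone()
    if row is None or not row[0] or row[1] != version:
        sessions.pop(token, None)
        return None
    return username

if __name__ == "__main__":
    set_password("alice", "correct horse")     # constructed sample account
    t = login("alice", "correct horse")
    print(check_session(t))                    # session valid after login
    set_password("alice", "changed by admin")  # password changed between pages
    print(check_session(t))                    # old session no longer valid
```

Because the cookie carries only a random token, a captured cookie reveals nothing about the stored password hash, and disabling an account or changing its password invalidates every outstanding session for it.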
</body>
</html>