Re: [mv] Authentication, userdb, Group Login
At 02:04 AM 11/11/1999 , you wrote:
>****** message to minivend-users from "Ton Verhagen" <ton@verhagen.net> ******
>
>Thanks for your contribution Ryan.
>
>It seems like a good approach.
>However, ...see below
>
>
> >****** message to minivend-users from Ryan Hertz <rhertz@gyb.baits.com> ******
> >
> >At 12:46 PM 11/10/1999 , you wrote:
>[snip]
>
> >>Here are the requirements/restrictions:
> >>Company1 -- has a subscription and is allowed to access the site.
> >>All employees (employee_1 ... employee_n) of this company need to
> >>be able to access the site without having to login individually.
> >
> > Sounds like you could model from the Unix permission
> >scheme. Users (employees) would be part of a group (the company).
>
>You are right, but how can we achieve that the employees do not
>have to login by themselves? The idea is that the company logs
>in, say once a day, and all employees (on different PCs in
>office) can access the site without having to bother about login
>procedures. Also, every employee should get his private session.

Yikes! That's rather complicated... in fact, I'd almost say that
it is impossible to give each employee a private session attached to the
employer's login. It all depends on the level of security you wish to
provide to the data.

So the main focus is that no employee can access the site unless
the 'company' or a main account has logged in?

To have the employee identified by an account/employer/name would
almost require a login procedure of some type. If you were using Apache
and the .htaccess scheme, you could encode a URL with the account/password,
such as http://name:password@www.secretwebsiteproject.com. However, this
method leaves the account and password visible in the browser/history.

I really can't think of any truly bullet-proof method of doing it. :-(

> >>Managers (manager_1 ... manager_n) get extra privileges (eg.
> >>update files or order products) when they login with a username
> >>and password.
> >
> > Add a field in the userdb that contains a numeric privilege.
>
>This is indeed a workable solution. The bits in the number could
>set the allowed privileges. Thanks!
>
> >
> >>Managers must be able to access the site from anywhere (eg. home,
> >>office, etc).
> >>
> >>All employees and managers accessing the site (catalog) must have
> >>his own session.
> >>
> >>Multiple companies can subscribe to the site of course.
> >>Note: Some companies have a fixed IP address but not all of them.
> >>
> >>At present we haven't been able to figure out how to address this
> >>problem. Has anyone worked on something similar or has anyone any
> >>idea how to implement this authentication scheme? Any pointers
> >>are welcome.
> >>
> >>Thanks a lot for your kind cooperation.
> >>
> >>Best regards
> >>
> >>Ton
> >>
> >>-
> >>To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
> >>email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
> >>Archive of past messages: http://www.minivend.com/minivend/minivend-list
> >
> >
> >Ryan Hertz tel 800-645-BAIT
> >Webmaster fax 520-645-2588
> >Advertising Director http://www.insideline.net
> >Gary Yamamoto Custom Baits, Inc. http://www.yamamoto.baits.com
> >
>
Ryan Hertz tel 800-645-BAIT
Webmaster fax 520-645-2588
Advertising Director http://www.insideline.net
Gary Yamamoto Custom Baits, Inc. http://www.yamamoto.baits.com
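
The numeric privilege field discussed in this thread, as an added example that is not part of the original messages and is not Minivend code: the company (group) login carries the baseline bits, and a manager's extra bits apply only after an individual login. The bit names, sample rows and function names are all hypothetical.

```python
from enum import IntFlag


class Priv(IntFlag):
    """Hypothetical privilege bits packed into one numeric userdb field."""
    BROWSE = 1        # view the catalog
    ORDER = 2         # order products
    UPDATE_FILES = 4  # update files


# Constructed sample rows: one record per company (group) login and one per
# personal account, each with a numeric privilege column.
GROUPS = {
    "company1": {"privilege": int(Priv.BROWSE)},
    "company2": {"privilege": int(Priv.BROWSE)},
}
USERS = {
    "employee_1": {"group": "company1", "privilege": 0},
    "manager_1": {"group": "company1",
                  "privilege": int(Priv.ORDER | Priv.UPDATE_FILES)},
    "manager_2": {"group": "company2", "privilege": int(Priv.ORDER)},
}


def effective_privileges(group, username=None):
    """Bits for a session opened under `group`.

    `username` is set only after that person has authenticated individually;
    without it the session gets the company's baseline bits and nothing more.
    """
    grp = GROUPS.get(group)
    if grp is None:
        return Priv(0)                    # unknown company: no access at all
    bits = Priv(grp["privilege"])
    user = USERS.get(username) if username else None
    if user and user["group"] == group:   # ignore accounts of other companies
        bits |= Priv(user["privilege"])
    return bits


def allowed(bits, required):
    """True only when every required bit is set, not just one of them."""
    return (bits & required) == required
```

Testing with `(bits & required) == required` rather than a bare `bits & required` matters once an action needs more than one bit: the bare form passes as soon as any single bit matches.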