Re: [mv] Authentication, userdb, Group Login
- To: minivend-users@minivend.com
- Subject: Re: [mv] Authentication, userdb, Group Login
- From: Dan Busarow <dan@dpcsys.com>
- Date: Thu, 11 Nov 1999 19:45:47 -0800 (PST)
- In-Reply-To: <4.2.2.19991111182922.00a4d170@10.10.30.66 POP3>
On Thu, 11 Nov 1999, Ryan Hertz wrote:
> At 02:04 AM 11/11/1999 , you wrote:
> >****** message to minivend-users from "Ton Verhagen"
> >You are right, but how can we achieve that the employees do not
> >have to login by themselves? The idea is that the company logs
> >in, say once a day, and all employees (on different PCs in
> >office) can access the site without having to bother about login
> >procedures. Also, every employee should get his private session.
>
> Yikes! That's rather complicated... in fact, I'd almost say that
> it is impossible to give each employee a private session attached to the
> employer's login. It all depends on the level of security you wish to
> provide to the data.
> So the main focus is that no employee can access the site unless
> the 'company' or a main account has logged in?
> To have the employee identified by an account/employer/name would
> almost require a login procedure of some type. If you were using Apache
> and the .htaccess scheme, you could encode a URL with the account/password,
> such as http://name:password@www.secretwebsiteproject.com. However, this
> method leaves the account and password visible in the browser/history.
> I really can't think of any truly bullet-proof method of doing it. :-(
You could write your own auth module for Apache. See Apache::AuthDBI
as a starting point for an auth module that uses DBI::DBD to talk to
a database.

Then you could use REMOTE_ADDR to look up, say, the first three octets
of the address and see if there is a current (today) record. If there
is, return an auth OK. If not, make them log in as normal, checking
against a user/password table; this would be the company login.
If this login succeeds, you update the network table and return auth
OK.

It's tricky and requires root and mod_perl, but is doable.
Dan
--
Dan Busarow 949 443 4172
Dana Point Communications, Inc. dan@dpcsys.com
Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82
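
The decision flow described in the message above, modelled in Python against an in-memory SQLite database. This is an added example, not code from the thread and not an Apache or mod_perl module; the table names (`users`, `networks`), the function names and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import sqlite3
from datetime import date

def pw_hash(password, salt):
    # Store a salted, stretched hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed schema: 'users' holds company logins, 'networks' holds
    the /24 prefixes that a successful company login authorized, per day."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    db.execute("CREATE TABLE networks (prefix TEXT, day TEXT, company TEXT, "
               "PRIMARY KEY (prefix, day))")
    salt = b"constructed-salt"  # constructed sample account
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("acme", salt, pw_hash("s3cret", salt)))
    return db

def prefix24(remote_addr):
    """First three octets of REMOTE_ADDR; raises ValueError if malformed."""
    addr = ipaddress.IPv4Address(remote_addr)
    return ".".join(str(addr).split(".")[:3])

def authorize(db, remote_addr, today, user=None, password=None):
    """Return 'OK' or 'AUTH_REQUIRED' following the flow in the message."""
    prefix, day = prefix24(remote_addr), today.isoformat()
    # 1. Is there a current (today) record for this network?
    if db.execute("SELECT 1 FROM networks WHERE prefix=? AND day=?",
                  (prefix, day)).fetchone():
        return "OK"
    # 2. Otherwise require the company login.
    if user is None or password is None:
        return "AUTH_REQUIRED"
    row = db.execute("SELECT salt, hash FROM users WHERE name=?",
                     (user,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], pw_hash(password, row[0])):
        return "AUTH_REQUIRED"
    # 3. Login succeeded: record the network for today, then allow.
    db.execute("INSERT OR REPLACE INTO networks VALUES (?, ?, ?)",
               (prefix, day, user))
    return "OK"
```

Every host that shares the three-octet prefix, or sits behind the same NAT or proxy address, is authorized for the rest of the day once one login succeeds, so this gates access per network rather than identifying individual employees.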