#12 Post Auth SQL

open
Jerry Stuckle
None
5
2006-10-15
2006-06-25
Anonymous
No

Please consider adding a parameter to hold an SQL statement that is
execute after authentication. You might also consider separate params for
success and failure. The immediate use for this is logging, but you could
imagine a number of other uses such as initializing or updating session
data. - mt

Discussion

  • Jerry Stuckle
    Jerry Stuckle
    2006-10-15

    Logged In: YES
    user_id=1049703

    Success/failure is already logged in the Apache log.

    We will consider the possibility of executing another SQL
    statement after successful/unsuccessful logging. However,
    this would not be a good place for initializing or updating
    sessoin data.

    If this is the first time, the session would not be created
    yet. Additionally, authentication/authorization takes place
    on ANY access to a protected resource - the first time your
    browser pops up a window requesting your userid/password,
    and just uses that information in later requests.
    Authentication/authorization still takes place, however, and
    mod_auth_mysql is called.

     
  • Jerry Stuckle
    Jerry Stuckle
    2006-10-15

    • assigned_to: nobody --> jstuckle
     
  • Jeremy
    Jeremy
    2007-11-29

    Logged In: YES
    user_id=1948437
    Originator: NO

    I can see this as very important so we can track login failures (to see possible password hurlers) and multiple logins from different IPs that could note password sharing. So a success and failure extra SQL statements are important.