Menu
▾
▴
Re: Handling session authentication in a web app
|
From: Tom J. <tj...@do...> - 2000-11-20 15:17:53
|
That's the conclusion I'm coming to. I'm working on storing session state in a local database (along with encrypted username/password data). Different question (but along the same lines): Is there a way to test whether an attribute is writeable by the current user? I'd like to simply display all attributes that a user has rights to view and supply an option to edit those that may be written. Is there a way to determine which is which short of attempting to write (and failing)? Thanks, Tom On Mon, 20 Nov 2000, Mark Wilcox wrote: > if you want to use permissions as they are stored in the LDAP server for > LDAP operations (not a bad idea because that way users have the same rights > regardless of how they interact with the LDAP server) you need to store the > DN and password so that you can keep binding to the server. > > You either need to store the DN and Password in memory (only possible if > you're using mod_perl), in an ecrypted cookie (I use a DES encrypted > cookie) or in an encrypted file/database on the server. > > I don't know of any application that does this in Perl. It's a little bit > easier to do this as a Java servlet because it has a default session storage > system that's unique per application invocation. You can do the same in Perl, > it just takes a bit more work. > > Mark > > Tom Jordan wrote: > > > Hey folks, > > > > I need to put together a web application to allow people to edit > > attributes I've given them access to (password resets for the help desk, > > radius info for the network guys, etc). > > > > I'm pretty clear on what I need to do between the script and the LDAP > > server, but does anyone have any suggestions on how to handle session > > authentication? > > > > I'd like to have a client log in to the web app with their uid and > > userPassword, and then be able to mess with stuff according to the > > permissions given to their object (so the script would bind to the > > directory as the user). > > > > Any suggesions on how to manage the session? Alternately, does anyone know > > of any applications like this out there that I could tweak (other than > > Netscape's DSGW, which has annoyed me on many occasions). > > > > Thanks much, > > > > Tom Jordan > > University of Wisconsin Madison > |
