From: Mark W. <mew...@un...> - 2000-11-20 16:03:34
No, there's not a simple way of testing permissions before attempting an operation.

Mark

Tom Jordan wrote:

> That's the conclusion I'm coming to. I'm working on storing session state
> in a local database (along with encrypted username/password data).
>
> Different question (but along the same lines):
>
> Is there a way to test whether an attribute is writeable by the current
> user? I'd like to simply display all attributes that a user has rights to
> view and supply an option to edit those that may be written. Is there a
> way to determine which is which short of attempting to write (and
> failing)?
>
> Thanks,
> Tom
>
> On Mon, 20 Nov 2000, Mark Wilcox wrote:
>
> > If you want to use permissions as they are stored in the LDAP server for
> > LDAP operations (not a bad idea because that way users have the same rights
> > regardless of how they interact with the LDAP server) you need to store the
> > DN and password so that you can keep binding to the server.
> >
> > You either need to store the DN and Password in memory (only possible if
> > you're using mod_perl), in an encrypted cookie (I use a DES encrypted
> > cookie) or in an encrypted file/database on the server.
> >
> > I don't know of any application that does this in Perl. It's a little bit
> > easier to do this as a Java servlet because it has a default session storage
> > system that's unique per application invocation. You can do the same in Perl,
> > it just takes a bit more work.
> >
> > Mark
> >
> > Tom Jordan wrote:
> >
> > > Hey folks,
> > >
> > > I need to put together a web application to allow people to edit
> > > attributes I've given them access to (password resets for the help desk,
> > > radius info for the network guys, etc).
> > >
> > > I'm pretty clear on what I need to do between the script and the LDAP
> > > server, but does anyone have any suggestions on how to handle session
> > > authentication?
> > >
> > > I'd like to have a client log in to the web app with their uid and
> > > userPassword, and then be able to mess with stuff according to the
> > > permissions given to their object (so the script would bind to the
> > > directory as the user).
> > >
> > > Any suggestions on how to manage the session? Alternately, does anyone know
> > > of any applications like this out there that I could tweak (other than
> > > Netscape's DSGW, which has annoyed me on many occasions).
> > >
> > > Thanks much,
> > >
> > > Tom Jordan
> > > University of Wisconsin Madison
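
The encrypted-cookie option described in the thread, as an added example that is not part of the original messages: it seals the bind DN and password with AES-256-GCM from the CryptX modules (swapped in for the DES mentioned in the thread, so that a modified cookie is also rejected) and recovers them on a later request. The function names, the 15-minute lifetime, the cookie layout and the sample DN and password are assumptions.

```perl
use strict;
use warnings;
use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);
use Crypt::PRNG qw(random_bytes);
use Encode qw(encode_utf8 decode_utf8);
use MIME::Base64 qw(encode_base64url decode_base64url);

my $MAX_AGE = 15 * 60;    # assumed session lifetime, in seconds

# Cookie value: base64url( issued(4) || nonce(12) || tag(16) || ciphertext ).
sub seal_credentials {
    my ($key, $dn, $password, $now) = @_;
    my $nonce = random_bytes(12);    # fresh for every cookie
    # Length-prefixed fields, so a DN containing any byte stays unambiguous.
    my $plain = pack('N/a* N/a*', encode_utf8($dn), encode_utf8($password));
    my $issued = pack('N', $now);    # sent in clear, authenticated as AAD
    my ($ct, $tag) = gcm_encrypt_authenticate('AES', $key, $nonce, $issued, $plain);
    return encode_base64url($issued . $nonce . $tag . $ct);
}

# Returns (dn, password); returns an empty list when the cookie is malformed,
# modified, sealed under a different key, or older than $MAX_AGE.
sub unseal_credentials {
    my ($key, $cookie, $now) = @_;
    my $raw = decode_base64url($cookie // '');
    return if length($raw) < 4 + 12 + 16 + 8;
    my ($issued, $nonce, $tag, $ct) = unpack('N a12 a16 a*', $raw);
    return if $issued > $now || $now - $issued > $MAX_AGE;
    my $plain = gcm_decrypt_verify('AES', $key, $nonce, pack('N', $issued), $ct, $tag);
    return unless defined $plain;
    return map { decode_utf8($_) } unpack('N/a* N/a*', $plain);
}

# Constructed sample values. In the application the key is a server-side secret
# kept out of the web root, and the DN/password come from the login form.
my $key    = random_bytes(32);    # AES-256
my $t0     = time;
my $cookie = seal_credentials($key, 'uid=jdoe,ou=people,dc=example,dc=edu', 'n0t-a-real-pw', $t0);

my ($dn, $pw) = unseal_credentials($key, $cookie, $t0 + 60);
print "valid cookie, bind as: $dn\n";   # e.g. Net::LDAP: $ldap->bind($dn, password => $pw)

# Flip one bit of the ciphertext: the GCM tag no longer verifies.
my $raw = decode_base64url($cookie);
substr($raw, -1, 1, chr(ord(substr($raw, -1)) ^ 1));
my @forged = unseal_credentials($key, encode_base64url($raw), $t0 + 60);
print "modified cookie: ", (@forged ? "accepted" : "rejected"), "\n";

my @stale = unseal_credentials($key, $cookie, $t0 + $MAX_AGE + 1);
print "expired cookie: ", (@stale ? "accepted" : "rejected"), "\n";
```

Because the cookie carries a recoverable password, it would be set with the Secure and HttpOnly attributes and sent only over TLS.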