From: Benjamin L. <ben...@co...> - 2001-11-14 16:25:20
You can use apache mod_perl authentication/session modules... rather than rewrite the sql-ledger code.

Some purists argue about where authentication and session management code should sit in multi-tiered architectures... I think just do it where you feel most comfortable. You can always deal with the consequences later. ;-)

On Thursday, 2001-11-15 at 02:18:15 AM, David Ratte scribbled:
> Gentlemen (and ladies...)
>
> Two brief questions:
> 1. One of my last concerns before my all-out switch to sql-ledger is about
> security... my concern is that since password protection on each page
> consists only of having a valid username attached on the end of the url, a
> terminated employee can still access the system as long as he/she still knows
> the name of anyone who works here.
>
> All they have to do is add:
> http://URL?path=bin/mozilla&action=xxx&login=StillEmployedUserName
>
> So my question is this (yes it takes me a while to get to the point!):
> Is it possible to use some form of a SESSION ID instead, such that after a
> successful login the path becomes URL?session=XNCBXNBC&action=xxx
>
> This way the sessions can expire at some interval (hourly, daily, etc) and
> the slightly more crafty user is defeated.

--
Benjamin Lee
Melbourne, Australia
"Always real."
http://realthought.net/

Weather outside looks to be 11.4°C, partly cloudy.
__________________________________________________________________________
Base 8 is just like base 10, if you are missing two fingers.
-- Tom Lehrer
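The two checks discussed in this thread, side by side, as an added illustration that is not part of the original message nor code from SQL-Ledger or mod_perl: `authorize_by_login_param` reproduces the scheme David describes (a request is accepted because `login=` names any valid user, so no secret is involved), and `SessionStore` plus `authorize_by_session` show the replacement he proposes, a random session ID issued only after a real password check, looked up server-side, expiring after an idle interval and revocable for a departed user. The user table, passwords, salt, time-to-live and clock are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the user table never holds a plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample accounts; a real deployment uses a random salt per user.
_SALT = b"constructed-fixed-salt"
USERS = {
    "alice": _hash_password("correct horse", _SALT),
    "bob": _hash_password("battery staple", _SALT),
}


def authorize_by_login_param(query: dict) -> Optional[str]:
    """The weak scheme from the thread: the request is accepted if `login`
    names any existing user. Knowing a colleague's username is enough."""
    user = query.get("login")
    return user if user in USERS else None


class SessionStore:
    """Server-side sessions keyed by an unguessable ID with an idle timeout."""

    def __init__(self, ttl_seconds: int, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock            # injectable so expiry can be tested
        self._sessions = {}           # session_id -> (username, expires_at)

    def login(self, username: str, password: str) -> Optional[str]:
        """Issue a session only after the password verifies."""
        stored = USERS.get(username)
        candidate = _hash_password(password, _SALT)
        if stored is None or not hmac.compare_digest(stored, candidate):
            return None
        # 256 random bits: cannot be derived from the username like `login=` could.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (username, self.clock() + self.ttl)
        return sid

    def user_for(self, sid: str) -> Optional[str]:
        """Resolve a session ID to its user, or None if unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        username, expires_at = entry
        if self.clock() >= expires_at:
            del self._sessions[sid]   # a saved URL stops working once it has idled out
            return None
        # Sliding expiry: each authorized request extends the session by one TTL.
        self._sessions[sid] = (username, self.clock() + self.ttl)
        return username

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)

    def revoke_user(self, username: str) -> int:
        """Kill every live session for a user, e.g. when they leave the company."""
        dead = [s for s, (u, _) in self._sessions.items() if u == username]
        for s in dead:
            del self._sessions[s]
        return len(dead)


def authorize_by_session(store: SessionStore, query: dict) -> Optional[str]:
    """Replacement for the `login=` check: the `session` parameter must match a
    live server-side session, and the username comes from the store, never
    from the request."""
    return store.user_for(query.get("session", ""))


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=3600)
    print("login param, no password:", authorize_by_login_param({"login": "alice"}))
    sid = store.login("alice", "correct horse")
    print("valid session:", authorize_by_session(store, {"session": sid}))
    print("guessed session:", authorize_by_session(store, {"session": "alice"}))
```

Two caveats the thread does not spell out: a session ID carried in the query string, as in `URL?session=...`, still ends up in browser history, server access logs and Referer headers, so a cookie is the safer carrier; and expiry alone does not help against someone who is still inside the window, which is why the store also supports revoking a user's sessions on the day they leave.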