Re: authenticating a second user

This WebDNA talk-list message is from

1997


It keeps the original formatting.
numero = 14377
interpreted = N
texte = >How do you plan to deal with the security issues raised by having one >user jump on a browser that already has the previous user's username >and password cached in it? > >That's a security issue you need to resolve on your workstation, or >else the second user will have access to everything the first user >had access to, simply because neither the browser nor the server has >any way of knowing that the last person to enter a username/password >is no longer the person using the browser! > That is the problem get rid of the cached username and password. I know this is a security issue, but I need to be able to re-authenticate a new user using a browser already used. It is to be used by a team of people who have to see the records they are managing. The list is built after looking up the useername and password of the user and then to display his own list. The next user goes to the authentication page and then gets his own list of records.>If you really aren't bothered by this security issue at your >workstation, then I will tell you that both WebCatalog and Typhoon >can make the browser's authentication dialog box appear whenever the >user clicks a form button or a hyperlink. It's simple to code in >WebDNA. I have a web page where visitors come to authenticate themselves. So this kind of approach should work, but I was unable to have the new username and password correctly cached.I don't know how to match the entered username/password combination to the users.db. The first time a user comes in, he is detected and gets his list of results. But when the next user comes in I don't seem to be able to have the username cached in the browser replacing the other one. I think it is because I try to authenticate a new user for the same realm, I mean the new user has the same privileges than the previous one.>Do you understand WebDNA well enough to write it yourself? Hope you can help me.Laurent.--- Laurent Pladys LXir 33 rue de la foret 77160 Chenoise France +33 (0)1 64 00 23 23 (tel) +33 (0)1 64 00 59 62 (fax) www.LXir.net ltpladys@LXir.net Associated Messages, from the most recent to the oldest:

    
  1. Re: authenticating a second user, the sequel (Kenneth Grome 1997)
  2. authenticating a second user, the sequel (Laurent Pladys 1997)
  3. Re: authenticating a second user (ltpladys 1997)
  4. Re: authenticating a second user (Kenneth Grome 1997)
  5. Re: authenticating a second user (Christer Olsson 1997)
  6. Re: authenticating a second user (ltpladys 1997)
  7. Re: authenticating a second user (ltpladys 1997)
  8. Re: authenticating a second user (Kenneth Grome 1997)
  9. authenticating a second user (ltpladys 1997)
>How do you plan to deal with the security issues raised by having one >user jump on a browser that already has the previous user's username >and password cached in it? > >That's a security issue you need to resolve on your workstation, or >else the second user will have access to everything the first user >had access to, simply because neither the browser nor the server has >any way of knowing that the last person to enter a username/password >is no longer the person using the browser! > That is the problem get rid of the cached username and password. I know this is a security issue, but I need to be able to re-authenticate a new user using a browser already used. It is to be used by a team of people who have to see the records they are managing. The list is built after looking up the useername and password of the user and then to display his own list. The next user goes to the authentication page and then gets his own list of records.>If you really aren't bothered by this security issue at your >workstation, then I will tell you that both WebCatalog and Typhoon >can make the browser's authentication dialog box appear whenever the >user clicks a form button or a hyperlink. It's simple to code in >WebDNA. I have a web page where visitors come to authenticate themselves. So this kind of approach should work, but I was unable to have the new username and password correctly cached.I don't know how to match the entered username/password combination to the users.db. The first time a user comes in, he is detected and gets his list of results. But when the next user comes in I don't seem to be able to have the username cached in the browser replacing the other one. I think it is because I try to authenticate a new user for the same realm, I mean the new user has the same privileges than the previous one.>Do you understand WebDNA well enough to write it yourself? Hope you can help me.Laurent.--- Laurent Pladys LXir 33 rue de la foret 77160 Chenoise France +33 (0)1 64 00 23 23 (tel) +33 (0)1 64 00 59 62 (fax) www.LXir.net ltpladys@LXir.net ltpladys

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Suggestion -- who are you people (1998) SiteEditPro (1996) Emailer setup (1997) [WebDNA] .html suffix (2014) Sort Order on a page search (1997) Simple way to create unique SKU (1997) Syncing WebDNA w/ Palm (2005) Any 4.5 to 5.0 upgrade gotchas? (2003) Item order (2002) RE: upload pictures any solution (1999) [REFERRER] works with form posts (2003) RE: Multithreading of [replace] (1999) WebCat 3.04-3.07 plug-in dying on server.... (2000) Extended [Concvertchars] needed (1997) Username for Admin Group (1997) WC2b15 - [HTMLx]...[/HTMLx] problems SOLVED! (1997) Deleting Orders (1997) Re:Password Authentication - request example (1998) WebCat2b13MacPlugIn - [include] (1997) t or f (1997)