Hey John,
Forgot to tell you I joined the mailing list.
For every one else I think this would be a good time to introduce
myself. My name is Antoni and I am a former co-worker of John's.
I think the best approach to creating an authentication system would
be to use a MySQL database and PHP. This way you can control a user's
interaction with your site based on roles. CakePHP is a very good
framework, but can be a little daunting if you don't have much
experience with PHP.
I wouldn't recommend building it from scratch unless you really want
to. A project like this can get really big really fast. There are some
other php frameworks out there like Zend but that one is pretty
bloated. It really comes down to personal preference.
I will be converting the Sono-Tek website over to CakePHP when I get a
chance, management is starting to realize the potential of web apps.
Well hope that helps.
On Oct 15, 2009, at 7:52 PM, Chris Knadle wrote:
On Thursday 15 October 2009, John D. Mort wrote:
I'm guessing the way to go about this would be to set up
authentication so that they enter a username/password, if the
password
matches they get a cookie, then as they click around apache queries
that cookie to determine what content to display. Am I on the right
track here?
That sounds like an insecure mostly client-side control method. It
may not
matter in this case -- but I'm pointing it out anyway because it
doesn't sound
right. If a user signs up for a new account and then modifies the
cookie sent
then it seems like their access privilages will change without merit.
I'm certainly no web expert, but I've heard others traditionally do
this via
authentication to either an SQL or LDAP backend (i.e. some kind of
auth
database) but I don't know specifically why.
-- Chris
--
Chris Knadle
[email protected]
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
Upcoming Meetings (6pm - 8pm) MHVLS Auditorium
Oct 7 - Glade - Linux GUIs made easy
Nov 4 - Google Wave
Dec 2 - MythTV
Jan 6 - Git
-Antoni Sousa
"We are not enemies, but friends. We must not be enemies. Though
passion may have strained it must not break our bonds of affection.
The mystic chords of memory, stretching from every battlefield and
patriot grave to every living heart and hearthstone all over this
broad land, will yet swell the chorus of the Union, when again
touched, as surely they will be, by the better angels of our nature."
~ Abraham Lincoln
"What is government itself but the greatest of all reflections on
human nature? If men were angels, no government would be necessary." -
James Madison
"... And say, finally, whether peace is best preserved by giving
energy to the government or information to the people. This last is
the most certain and the most legitimate engine of government. Educate
and inform the whole mass of the people. Enable them to see that it is
their interest to preserve peace and order, and they will preserve
them. And it requires no very high degree of education to convince
them of this. They are the only sure reliance for the preservation of
our liberty." -Thomas Jefferson
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
Upcoming Meetings (6pm - 8pm) MHVLS Auditorium
Oct 7 - Glade - Linux GUIs made easy
Nov 4 - Google Wave
Dec 2 - MythTV
Jan 6 - Git
