Hi, Thanks for your reply, just had a thought: How secure would it be if I made sure that the URL of the browser was www.mycms.com and only allow access to pages in the /cms folder if true?
Is this safe or an easy hack? "Wolf" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > So, swap your CMS logins to use the same access code for the user, then > use sessions to swap the mysql stuff in where needed. > > Or make it use a mysql call from the CMS login to access their mysql > information from another table and do it that way. > > 1 login, 1 password, very user friendly. > > And only 1 place to have to worry about changing files. > > HTH, > > Wolf > > > Shaun wrote: >> I see your point, the only problem is that the user will have already >> logged >> once into the CMS, logging in again would be a little frustrating and not >> very user friendly... >> >> >> ""Weber Sites LTD"" <[EMAIL PROTECTED]> wrote in message >> news:[EMAIL PROTECTED] >>> I think that you are looking at this from the wrong angle. >>> What you should do, is password protect all CMS directories >>> And then, anyone that needs access has to punch in a valid >>> Username and password. >>> >>> Have a look at : http://sourceforge.net/projects/modauthmysql/ >>> >>> Sincerely >>> >>> berber >>> >>> Visit the Weber Sites Today, >>> To see where PHP might take you tomorrow. >>> PHP code examples : http://www.weberdev.com >>> PHP & MySQL Forums : http://www.weberforums.com >>> >>> >>> >>> -----Original Message----- >>> From: Shaun [mailto:[EMAIL PROTECTED] >>> Sent: Monday, April 17, 2006 2:52 PM >>> To: php-general@lists.php.net >>> Subject: Re: [PHP] Including files from another site >>> >>> Hi, >>> >>> Thanks for your reply, sorry I should have been a little clearer in my >>> explanation. Here goes... >>> >>> I have a dedicated UNIX server with many websites on it. On this server >>> I >>> have also created a Content Management System which has a database which >>> I >>> use to store HTML content for all the other websites. Each website has a >>> database connection to the CMS database to retrieve the HTML for its >>> pages. >>> >>> Each website that uses its own database has a folder called /cms and in >>> here >>> I keep all the database admin scripts for that website. I want these >>> pages >>> to only be accessible from within the CMS website and nothing else. So >>> when >>> the user is in the CMS they can click on database admin and it will >>> include >>> the pages in that websites /cms folder. >>> >>> My Question is how can I ensure that the CMS is the only website that >>> can >>> access these scripts securely? >>> >>> Thanks for your advice. >>> >>> >>> ""Weber Sites LTD"" <[EMAIL PROTECTED]> wrote in message >>> news:[EMAIL PROTECTED] >>>> I'm not sure I understand what you are trying to do. >>>> What is the connection between frames and security? >>>> >>>> In general, assuming that all users have access to The same scripts, >>>> you need to include in all of your Scripts some kind of security logic >>>> that tells the Script which user can do what. >>>> >>>> Usually you would want to also allow group access Rather then user >>>> access for easier maintenance. >>>> >>>> You should keep a user table with user, password And privileges. There >>>> are endless ways to do this And you need to choose what is best for >>>> your site. >>>> >>>> Have a look at some relevant code examples: >>>> http://www.weberdev.com/AdvancedSearch.php?searchtype=title&search=aut >>>> h >>>> >>>> berber >>>> >>>> -----Original Message----- >>>> From: Shaun [mailto:[EMAIL PROTECTED] >>>> Sent: Monday, April 17, 2006 12:46 PM >>>> To: php-general@lists.php.net >>>> Subject: [PHP] Including files from another site >>>> >>>> Hi, >>>> >>>> I have created a CMS where all sites on our server are administrated >>>> from one central site, and HTML content is stored in the CMS database. >>>> >>>> I want users to all control their sites database functions from the >>>> CMS site, but I want to keep the database and database admin scripts >>>> in the individual website account to keep things simple. So I need >>>> want to be able to include these scripts within the CMS site but keep >>>> them secure. I have tried using frames but I can't keep a session >>>> going in the database admin scripts, is there a better way to do this? >>>> >>>> Any advice would be greatly appreciated. >>>> >>>> -- >>>> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: >>>> http://www.php.net/unsub.php >>> -- >>> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: >>> http://www.php.net/unsub.php >> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
