Hi,
On every request you have to check access rights.
So you need access rights. Something like this
rights table
page_id
user_login
right_type
select right_type from rights_table
where page_id = '.$PHP_SELF.'
and user_login ='.$_SESSION['user_login'].'
if this query returns something, your code
But where do you store the $server_unique_key ?
in DB ?
if yes, it should be different for each user logged-in to system.
Moreover, the $check_string algorithm should not be written in cookie as it is a
weakness from my point of view.
Alain
On 3/4/07, Tijnema ! [EMAIL PROTECTED] wrote:
Give your
I already started to use SSL, but i do not understand how to keep it
running.
I mean after user has been authenticated and authorized to go further, all
next web pages are opened using PHP location(https://...); command.
however, it does not certify that it can not be faked by just typing into
On Monday, 2007-03-05 at 15:05, Alain Roger wrote:
I already started to use SSL, but i do not understand how to keep it
running.
I mean after user has been authenticated and authorized to go further, all
next web pages are opened using PHP location(https://...); command.
Alain Roger wrote:
I already started to use SSL, but i do not understand how to keep it
running.
I mean after user has been authenticated and authorized to go further,
all next web pages are opened using PHP location(https://...); command.
however, it does not certify that it can not be faked
Hi,
I would like to implement a module access rights in my web application.
Basically after authentication and authorization. Logged user has a
particular profile which allow him to have access to some part of the web
application.
after reading the security guide from *php*sec.org webpage, i'm
Alain Roger wrote:
I would like to implement a module access rights in my web application.
Basically after authentication and authorization. Logged user has a
particular profile which allow him to have access to some part of the web
application.
after reading the security guide from
Hi,
do not worry, i will not store a password in a cookie.
it is stored encrypted into database.
Al.
On 3/4/07, Stut [EMAIL PROTECTED] wrote:
Alain Roger wrote:
I would like to implement a module access rights in my web application.
Basically after authentication and authorization. Logged
On 3/4/07, Stut [EMAIL PROTECTED] wrote:
Alain Roger wrote:
I would like to implement a module access rights in my web application.
Basically after authentication and authorization. Logged user has a
particular profile which allow him to have access to some part of the
web
application.
Ok, but i would be very glad to know how can i REALLY authenticate the user.
for example, user is logged, so i have in the cookie his login name.
how can i be sure that it's the same user and not some hacker who hacked the
cookie and the session ?
what should be checked and where those data
Alain Roger wrote:
Ok, but i would be very glad to know how can i REALLY authenticate the
user.
for example, user is logged, so i have in the cookie his login name.
how can i be sure that it's the same user and not some hacker who hacked
the
cookie and the session ?
what should be checked
Tijnema ! wrote:
Give your server a unique ID, and add that to your check string lets say
so you store in your cookie the username and the check string.
example
$user = tijnema;
$server_unique_key =
w#$#%#54dfa4vf4w5$2!@@$w#$%23%25%2354dfa4vf4w5$2!@@$
;
$check_string =
Tijnema ! wrote:
On 3/4/07, Stut [EMAIL PROTECTED] wrote:
Tijnema ! wrote:
Give your server a unique ID, and add that to your check string lets
say
so you store in your cookie the username and the check string.
example
$user = tijnema;
$server_unique_key =