This was the same approach used in the original Bank of Montreal online banking application (which ran under Tango 1.5). Each query document (predessor to a taf file) had the if action at the top to check for the existance of a user variable that was set after a successful login. That variable was deleted during the logout process or let to expire with the variable expiration process.
I mention the bank because they had an independent audit team test the system thoroughly and it passed all of their security tests and concerns. I know there have been various examples shipped with the product that demonstrated this although I can't see it in the Tango2000 demos folder on my machine. Also the first part of the EveryWare/Pervasive Tango Training went through the 'Login' model. If you're still stuck, I could provide you with an example of what I use. Hope this helps, Steve Smith Skadt Information Solutions Office: (519) 624-4388 GTA: (416) 606-3885 Fax: (519) 624-3353 Cell: (416) 606-3885 Email: [EMAIL PROTECTED] Web: http://www.skadt.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Garth Penglase Sent: July 30, 2002 10:23 PM To: Multiple recipients of list witango-talk Subject: RE: Witango-Talk: Security on tafs From memory, I saw the replies to your previous post and I thought they answered this... I thought the gist of it was: put a if statement at the beginning of each taf and check for the userid or whatever unique reference is assigned so that you know they have logged in. I use a unique hidden userid that is assigned from comparing a username and password match - I am sure you could store session ids in cookies, or any number of approaches - whatever suits the application and user base and level of security required (a couple of threads recently went into different re-login and authentication approaches which may be useful for you to refer to) - check for this unique id on entry into each taf and if not present force a re-login. cheers Garth At 08:43 31/07/02 -0500, you wrote: >Hello > >I have asked this before, and I don t think the responses were to the >exact question I was asking. > >I have the Web Construction Book and all the taf s that come with it. I >have seen a few tafs float around on this list but what I am needing is >something that I believe I haven t seen. > >I have a rather large project, that of course has a front door with a >login page, etc. > >I want all the taf s that are in the project to be secure. I don t want >the enduser to be able to hit any taf in the project without going thru >the login. > >What have others used? Does anyone have any examples? > >Thanks! > >Steve Campbell > >OU Physicians > >Internet Software Developer/Web Manager > >University of Oklahoma Health Sciences Center > >800 Northeast 15th Street > >ROB #601 > >Oklahoma City, Oklahoma 73172 > > > > > > CONFIDENTIALITY NOTICE: This e-mail, including any attachments, contains > information from The University of Oklahoma College of Medicine, which > may be confidential or privileged. The information is intended to be for > the use of the individual or entity named above. If you are not the > intended recipient, be aware that any disclosure, copying, distribution > or use of the contents of this information is prohibited. > > > >If you have received this email in error, please notify the sender >immediately by "reply to sender only" message and destroy all electronic >and hard copies of the communication, including attachments. > >-----Original Message----- >From: Robert Garcia [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, July 31, 2002 7:45 AM >To: Multiple recipients of list witango-talk >Subject: Witango-Talk: Witango v5 for OS X, IN THE FLESH > > > >OK, > >For all you still having to run classic, just because the Tango Editor is >not carbonized, take a look at this: > >http://www.theradmac.com/tools/witango.tml > >I have posted a movie of the carbonized editor. Yes, it actually exists, >and works. I have used it daily for some time, and since the latest seed, >I have not gone back to the T4 editor for any reason. It is actually less >buggy than the 4.05.047 editor. > >Enjoy. > >-- > >Robert Garcia >BigHead Technology >2781 N Carlmont Pl >Simi Valley, CA 93065 >Phone 805.501.1390 >Fax 805.522.8557 >http://www.bighead.net/ >[EMAIL PROTECTED] ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
