From: | Dorin Grunberg <dorin(at)visgen(dot)com> |
---|---|
To: | Paul Joseph McGee <mcgee(at)student(dot)cs(dot)ucc(dot)ie>, pgsql-php(at)postgresql(dot)org |
Subject: | Re: Web Security |
Date: | 2001-02-27 15:26:33 |
Message-ID: | 4.2.0.58.20010227091841.00abaef0@pophost |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-php |
Perhaps you could create a directory called SysAdmin protected by an
.htaccess file that allows access only to the SysAdmin person with the
right user name and password.
Depending on the $REMOTE_USER you can allow or disallow access to certain
areas of your site.
All the best,
Dorin
At 02:05 PM 2/27/2001 +0000, Paul Joseph McGee wrote:
>Hi everybody,
>I am trying to implement a website where users may login and view
>available properties. Basically it is an online auctioneering site which
>is my final year project. I want to be able as SysAdmin to log in
>myself
>and modify, add properties, upload images etc. At the moment I am toying
>with letting
>both users and SysAdmin log in from the same authentication window. The
>properties are all saved in a PostgreSQL database on my machine here. I
>have created a user <webadmin> who has insert, update, select and delete
>priveleges
>on all tables in my database. This user is unable to create databases or
>users. When the SysAdmin logs in he will have a page where he can modify
>houses etc, while when an ordinary user logs in he will have the basic
>window where he can search for houses. At the moment I have it such that
>both users and SysAdmin when connected are connected as webadmin. I dont
>think this is a very secure method but its all i can think of at the
>moment. I'm also not sure how to kep the SysAdmin's page secure from
>everybody else. At the moment all my pages are in a
>/usr/local/apache/htdocs/project/ directory. Does anybody have an idea how
>i could make this implementation more secure and functional.
>Thanks,
>Paul
From | Date | Subject | |
---|---|---|---|
Next Message | Steve Bern | 2001-02-27 15:30:18 | Re: Web Security |
Previous Message | Adam Lang | 2001-02-27 14:46:36 | Re: Web Security |