From: | Vince Vielhaber <vev(at)michvhf(dot)com> |
---|---|
To: | Andrew McMillan <andrew(at)catalyst(dot)net(dot)nz> |
Cc: | Stephan Borg <wolff_borg(at)yahoo(dot)com(dot)au>, <pgsql-php(at)postgresql(dot)org> |
Subject: | Re: WWW-Authentication and Postgresql |
Date: | 2001-12-26 03:24:30 |
Message-ID: | Pine.BSF.4.40.0112252221500.36020-100000@paprika.michvhf.com |
Lists: | pgsql-php |
On 26 Dec 2001, Andrew McMillan wrote:
> On Wed, 2001-12-26 at 12:24, Stephan Borg wrote:
> > Hello there,
> >
> > I'm hoping that someone has tried this already. I am currently trying to
> > write code, that prompts the user with a www-authentication logon and
> > proceeds to verify if the credentials are a valid Postgresql user (incl
> > password) before proceeding.
>
> We have code to do this in the office somewhere. It isn't hard. Follow
> the PHP examples and try a connect to the database with the credentials
> you have got from the auth.
>
> I don't actually do this for any of my sites, however. I find that
> database user != system user in 99.9% of cases. In addition I find that
> the www-authentication method makes for a crude login process.
>
> E-mail me off-list if you can't figure it out and I will dig out the
> code for you.

A couple of quick gotchas. 1) Make sure you filter out all unwanted
characters so someone can't execute SQL calls inside of a username or
password. 2) On failure, make sure you send a 401 to the browser just
like you do initially when asking for the password to clear out the
old one - you can also use this to handle logouts.

Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: vev(at)michvhf(dot)com http://www.pop4.net
56K Nationwide Dialup from $16.00/mo at Pop4 Networking
Online Campground Directory http://www.camping-usa.com
Online Giftshop Superstore http://www.cloudninegifts.com
==========================================================================
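
The approach discussed in this thread, as an added PHP example (not code from any of the posters): it validates the Basic auth credentials before they reach the connection string, attempts the PostgreSQL connection with them, and re-sends the 401 on every failure. The realm, host, database name and the `logout` query parameter are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumed values: realm "Database",
// host "localhost", database "appdb", and a hypothetical ?logout parameter.

const REALM = 'Database';

// Send the Basic auth challenge. Used for the first request, for every
// failure, and for logout, so the browser drops its cached credentials.
function challenge(): void
{
    http_response_code(401);
    header('WWW-Authenticate: Basic realm="' . REALM . '"');
    echo "Authentication required.\n";
    exit;
}

// Allowlist for role names: letters, digits, underscore, at most 63 bytes.
function valid_username(string $user): bool
{
    return preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,62}\z/', $user) === 1;
}

// Quote a value for a libpq keyword=value connection string: wrap it in
// single quotes and backslash-escape backslashes and single quotes, so the
// value cannot inject extra connection keywords.
function conninfo_quote(string $value): string
{
    return "'" . strtr($value, ['\\' => '\\\\', "'" => "\\'"]) . "'";
}

$user = $_SERVER['PHP_AUTH_USER'] ?? '';
$pass = $_SERVER['PHP_AUTH_PW'] ?? '';

// No credentials yet, logout requested, or input that fails validation.
if (isset($_GET['logout']) || !valid_username($user)
    || $pass === '' || strpos($pass, "\0") !== false) {
    challenge();
}

// The credentials are only ever used to open the connection.
$db = @pg_connect(sprintf(
    'host=localhost dbname=appdb user=%s password=%s',
    conninfo_quote($user),
    conninfo_quote($pass)
));

if ($db === false) {
    challenge();   // wrong credentials: re-issue the 401, as on first visit
}

echo 'Connected as ' . htmlspecialchars($user);
```

The check only means something if `pg_hba.conf` requires password authentication for this host and database; with `trust`, the connection succeeds whatever password is supplied.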