Re: WWW-Authentication and Postgresql

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 26 Dec 2001, Andrew McMillan wrote:

> On Wed, 2001-12-26 at 12:24, Stephan Borg wrote:
> > Hello there,
> >
> > I'm hoping that someone has tried this already. I am currently trying to
> > write code, that prompts the user with a www-authentication logon and
> > proceeds to verify if the credentials are a valid Postgresql user (incl
> > password) before proceeding.
>
> We have code to do this in the office somewhere.  It isn't hard.  Follow
> the PHP examples and try a connect to the database with the credentials
> you have got from the auth.
>
> I don't actually do this for any of my sites, however.  I find that
> database user != system user in 99.9% of cases.  In addition I find that
> the www-authentication method makes for a crude login process.
>
> E-mail me off-list if you can't figure it out and I will dig out the
> code for you.

A couple of quick gotchas.  1) make sure you filter out all unwanted
characters so someone can't execute sql calls inside of a username or
password.  2) On failure make sure you send a 401 to the browser just
like you do initially when asking for the password to clear out the
old one - you can also use this to handle logouts.

Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH    email: vev@xxxxxxxxxxx    http://www.pop4.net
         56K Nationwide Dialup from $16.00/mo at Pop4 Networking
        Online Campground Directory    http://www.camping-usa.com
       Online Giftshop Superstore    http://www.cloudninegifts.com
==========================================================================





[Index of Archives]     [Postgresql General]     [Postgresql Admin]     [PHP Users]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Backpacking]     [Postgresql Jobs]

  Powered by Linux