I see your point, the only problem is that the user will have already logged once into the CMS, logging in again would be a little frustrating and not very user friendly... ""Weber Sites LTD"" <berber@xxxxxxxxxxxxxxx> wrote in message news:2f9101c6624d$00964610$6901a8c0@xxxxxxxxxxxxxxxxxxxxxxxxxx >I think that you are looking at this from the wrong angle. > What you should do, is password protect all CMS directories > And then, anyone that needs access has to punch in a valid > Username and password. > > Have a look at : http://sourceforge.net/projects/modauthmysql/ > > Sincerely > > berber > > Visit the Weber Sites Today, > To see where PHP might take you tomorrow. > PHP code examples : http://www.weberdev.com > PHP & MySQL Forums : http://www.weberforums.com > > > > -----Original Message----- > From: Shaun [mailto:shaunthornburgh@xxxxxxxxxxx] > Sent: Monday, April 17, 2006 2:52 PM > To: php-general@xxxxxxxxxxxxx > Subject: Re: Including files from another site > > Hi, > > Thanks for your reply, sorry I should have been a little clearer in my > explanation. Here goes... > > I have a dedicated UNIX server with many websites on it. On this server I > have also created a Content Management System which has a database which I > use to store HTML content for all the other websites. Each website has a > database connection to the CMS database to retrieve the HTML for its > pages. > > Each website that uses its own database has a folder called /cms and in > here > I keep all the database admin scripts for that website. I want these pages > to only be accessible from within the CMS website and nothing else. So > when > the user is in the CMS they can click on database admin and it will > include > the pages in that websites /cms folder. > > My Question is how can I ensure that the CMS is the only website that can > access these scripts securely? > > Thanks for your advice. > > > ""Weber Sites LTD"" <berber@xxxxxxxxxxxxxxx> wrote in message > news:2a6601c6621b$fa43bc60$6901a8c0@xxxxxxxxxxxxxxxxxxxxxxxxxx >> I'm not sure I understand what you are trying to do. >> What is the connection between frames and security? >> >> In general, assuming that all users have access to The same scripts, >> you need to include in all of your Scripts some kind of security logic >> that tells the Script which user can do what. >> >> Usually you would want to also allow group access Rather then user >> access for easier maintenance. >> >> You should keep a user table with user, password And privileges. There >> are endless ways to do this And you need to choose what is best for >> your site. >> >> Have a look at some relevant code examples: >> http://www.weberdev.com/AdvancedSearch.php?searchtype=title&search=aut >> h >> >> berber >> >> -----Original Message----- >> From: Shaun [mailto:shaunthornburgh@xxxxxxxxxxx] >> Sent: Monday, April 17, 2006 12:46 PM >> To: php-general@xxxxxxxxxxxxx >> Subject: Including files from another site >> >> Hi, >> >> I have created a CMS where all sites on our server are administrated >> from one central site, and HTML content is stored in the CMS database. >> >> I want users to all control their sites database functions from the >> CMS site, but I want to keep the database and database admin scripts >> in the individual website account to keep things simple. So I need >> want to be able to include these scripts within the CMS site but keep >> them secure. I have tried using frames but I can't keep a session >> going in the database admin scripts, is there a better way to do this? >> >> Any advice would be greatly appreciated. >> >> -- >> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: >> http://www.php.net/unsub.php > > -- > PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: > http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
