A question on password policies . . .

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Folk,

I'm curious if anyone has any advice on setting up multi-level password access?

The site is being developed on Win2K/IIS 5.x, but will be published on  a Linux server, which phpinfo() reports as:
Linux {domain name} 2.4.20-28.8HEsmp #1 SMP Thu Jun 17 16:21:50 BST 2004 i686.

What I'm wondering about is what approach would allow reasonable security, but require the least amount of adjustment between the two disparate servers?

The general scenario is as follows.
*Five levels of membership, 0-4;
*member ID, password (MD5 hash), & access level stored in MySQL v3.23.x;
*script validates member password, looks up access level.

Probably the access level - not the password - would be stored in a Session variable and checked by each succeeding script for appropriate authorization.

As an example, for levels 0-x, 0 would disallow chat, 1 would allow joining a public chat, 2 would allow creation of a public chat room, 3 would allow joining a private chat, 4 would allow creation of a private chat room.

Since the access level is determined by the member ID and password, what's the least effort method to set up password access(es)?  I.E., what password validation method would allow for the least amount of script modification between the two platforms?

Anybody have a preference here, or a comment?



Make a good day . . . 

		. . . barn

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The best argument against democracy is a five minute talk with the average voter. - Winston Churchill 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 	



-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [PHP Users]     [PHP Database Programming]     [PHP Install]     [Kernel Newbies]     [Yosemite Forum]     [PHP Books]

  Powered by Linux