Re: [ProgSoc] Online Authetification(grr dunno if its correct)
Dinesh wrote...
>
> Hi ppl,
>
> One question, I want people to login via the web quite similar to the
> recent post of getting emails via the web. But this login is real time,
> meaning when the user fills out the online form and he gets emailed his
> login and password back to the users valid email account. After that he
> uses this u/p to login to say a restricted directory.
ok i think i understand. you want people to register before entering
the site, right?
> Is there any security holes such as backdoor to the pages direct
almost certainly. you should be very careful when writing cgi
programs, especially since (at progsoc) they execute with YOUR permissions.
be especially careful of characters like ! @ ; | ` and field overflows.
> http://www.progsoc.uts.edu.au/~dinesh/members/news/1.html
> where members directory is restricted by a login and password.
>
> Is there any scripts on the web for doing this? If so, does this cgi write
> to .htaccess file and just update it when ever user completes the form?
probably. but this is also an ideal opportunity to learn perl, yes?
> Or the only thing I can think of is, when the user logs the form and the
> email script fires up a email to the user/admin saying that a entry has
> been done. After that the admin just edits the file manually and adds the
> user.
it depends on whether you want to restrict who can enter the "private"
area. if you just want people to register & be identified by the system,
then an automatic adding system would be fine - otherwise you have to
work out how you want to select "suitable" people. this would usually
involve a human of some kind.
one possible approach to this would be to store the new user's details
in a "pending" area, and alert the admin via email (or via an admin
web page, if the traffic is high). you could then write some more tools,
either command line or for use via CGI, to automatically move approved
users to the .htaccess file and send them a welcome email.
and of course, there are many many other ways to achieve similar results.
hth
cheers
p
ps - dinesh, are you taking any software development subjects??
--
peter@nospam.yseda.com.au "...Beneath this playful, boyish exterior,
beats the heart of a sadistic maniac."
- Edmund Blackadder
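
The pending-area flow and the input checks described in the reply above, as an added example that is not part of the original message and is written in Python rather than Perl. The allowlist patterns, the file layout (one file per pending request, one "user:email" line per approved user) and all function names are assumptions; writing the real password file and sending mail are left out.

```python
import os
import re
import tempfile

# Allowlists: say what is permitted rather than enumerating bad characters.
USER_RE = re.compile(r"[a-z][a-z0-9_]{2,15}")  # 3-16 chars, so no overflow
EMAIL_RE = re.compile(
    r"[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63}){1,4}")

def validate(username, email):
    """Return the pair unchanged if both fields pass, else raise ValueError."""
    if not USER_RE.fullmatch(username) or not EMAIL_RE.fullmatch(email):
        raise ValueError("field failed allowlist")
    return username, email

def register(pending_dir, username, email):
    """CGI side: store a validated request; O_EXCL never overwrites one."""
    validate(username, email)
    path = os.path.join(pending_dir, username)  # safe: no '/' or '.' allowed
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(email + "\n")

def approve(pending_dir, approved_file, username):
    """Admin side: move one pending request into the approved list."""
    if not USER_RE.fullmatch(username):  # admin input is validated too
        raise ValueError("bad username")
    path = os.path.join(pending_dir, username)
    with open(path) as f:
        email = f.read().strip()
    with open(approved_file, "a") as out:
        out.write(f"{username}:{email}\n")
    os.remove(path)
    return email

def demo():
    """Constructed inputs; returns (rejected usernames, approved lines)."""
    samples = [("dinesh", "dinesh@example.org"), ("al;ice", "a@example.org"),
               ("`x`", "a@example.org"), ("../members", "a@example.org"),
               ("bob", "bob@example.org|x"), ("a" * 500, "a@example.org")]
    rejected = []
    with tempfile.TemporaryDirectory() as pending, \
            tempfile.NamedTemporaryFile("r") as ok:
        for user, email in samples:
            try:
                register(pending, user, email)
            except ValueError:
                rejected.append(user)
        approve(pending, ok.name, "dinesh")
        return rejected, ok.read().splitlines()
```

Because only validated values ever reach a file name or a stored line, nothing from the form needs to be passed through a shell at any point.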