On Wed, 6 Jun 2001, Joe Schulman wrote:
> This is mainly a question directed to those with experience in this sort of thing.
>
> In general, how should one go about authenticating a user and then allowing them to
> view separate pages under that particular login?
>
> I know that cookies aren't 100% reliable, and I also know that sending
> secret and often vital information like that over open, non-encrypted
> streams is not the best way to go.
>
> Encryption, sadly, is not an option for this particular case.

If you are using Apache, look at the Apache::Session modules. You can tie
a session to a database backend, and be able to authenticate & validate
users that way. It's not a trivial task, to be sure. And you still have
the problem of passing cleartext passwords across the net if you are not
using SSL.
-- Brett
Brett W. McCoy
Software Engineer
Broadsoft, Inc.
240-364-5225
[EMAIL PROTECTED]
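
The approach suggested in the reply, as an added example that is not part of the original message: the password is checked once at login, and later requests present only an opaque session id that the server looks up. It assumes Apache::Session::File (so it runs without a database; the DBI-backed stores take the same `tie` call with connection arguments), and the user table, salt, directories and 30-minute lifetime are constructed for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Apache::Session::File;    # same tie interface as the DBI-backed stores
use Digest::SHA qw(sha256_hex);
use File::Temp qw(tempdir);

# Constructed storage for the demo; swap in a database-backed store in practice.
my $dir = tempdir(CLEANUP => 1);
mkdir "$dir/lock" or die "mkdir: $!";
my %store = (Directory => $dir, LockDirectory => "$dir/lock");

# Constructed user table. Salted SHA-256 is a stand-in for a real password hash.
my %users = (alice => sha256_hex('demo-salt:' . 'correct horse'));

sub check_password {
    my ($user, $pass) = @_;
    return exists($users{$user})
        && $users{$user} eq sha256_hex('demo-salt:' . $pass);
}

# On success, create a server-side session and return its opaque id.
sub login {
    my ($user, $pass) = @_;
    return unless check_password($user, $pass);
    tie my %s, 'Apache::Session::File', undef, \%store;
    @s{qw(user expires)} = ($user, time + 1800);    # 30-minute lifetime
    my $id = $s{_session_id};
    untie %s;                                       # flushes to the store
    return $id;
}

# Map a presented id back to a user name, or return nothing.
sub validate {
    my ($id) = @_;
    return unless defined $id && $id =~ /\A[0-9a-f]{32}\z/;
    my %s;
    eval { tie %s, 'Apache::Session::File', $id, \%store; 1 } or return;
    my ($user, $expires) = @s{qw(user expires)};
    my $live = defined $expires && $expires > time;
    tied(%s)->delete unless $live;                  # drop expired sessions
    untie %s;
    return $live ? $user : ();
}

my $sid = login('alice', 'correct horse') or die "login failed";
print "issued session $sid\n";
print "page request as: ", validate($sid) // 'nobody', "\n";
print "unknown id: ", validate('0' x 32) // 'rejected', "\n";
```

In a CGI or mod_perl handler the id would travel in a cookie or URL parameter; without SSL it crosses the network in cleartext just as the login password does.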