On Thursday 15 October 2009, John D. Mort wrote:
> I'm guessing the way to go about this would be to set up
> authentication so that they enter a username/password, if the password
> matches they get a cookie, then as they click around apache queries
> that cookie to determine what content to display. Am I on the right
> track here?
That sounds like an insecure mostly client-side control method. It may not matter in this case -- but I'm pointing it out anyway because it doesn't sound right. If a user signs up for a new account and then modifies the cookie sent then it seems like their access privileges will change without merit.

I'm certainly no web expert, but I've heard others traditionally do this via authentication to either an SQL or LDAP backend (i.e. some kind of auth database) but I don't know specifically why.

-- Chris

--
Chris Knadle
[email protected]
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
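The concern raised in the reply, shown as an added example that is not part of the original thread: a cookie whose role field is trusted as sent, next to one the server authenticates with an HMAC before using it. The cookie layout, function names and key are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed demo key (assumption); a real server loads a random secret from its own config.
SERVER_KEY = b"constructed-demo-key"


def _tag(payload):
    """HMAC-SHA256 over the cookie payload, keyed with the server-only secret."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user, role, ttl=3600, now=None):
    """Return 'user|role|expiry|tag' (hypothetical layout) after a successful login."""
    if "|" in user or "|" in role:
        raise ValueError("field separator not allowed in user or role")
    expiry = int((time.time() if now is None else now) + ttl)
    payload = f"{user}|{role}|{expiry}"
    return f"{payload}|{_tag(payload)}"


def verify_cookie(cookie, now=None):
    """Return (user, role) only if the tag matches and the cookie has not expired."""
    parts = cookie.split("|")
    if len(parts) != 4:
        return None
    user, role, expiry, tag = parts
    expected = _tag(f"{user}|{role}|{expiry}")
    # Constant-time comparison; bytes are used so non-ASCII input cannot raise.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    if not expiry.isdigit() or int(expiry) < (time.time() if now is None else now):
        return None
    return user, role


def naive_role(cookie):
    """The pattern the reply warns about: use whatever role the client sent back."""
    return cookie.split("|")[1]


if __name__ == "__main__":
    cookie = issue_cookie("newuser", "member")
    edited = cookie.replace("|member|", "|admin|")  # constructed client-side edit
    print("naive check sees role:", naive_role(edited))
    print("verified check returns:", verify_cookie(edited))
    print("untouched cookie returns:", verify_cookie(cookie))
```

Keeping only a random session ID in the cookie and looking the role up in a server-side store, such as the SQL or LDAP backend mentioned in the reply, avoids sending the role to the client at all.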
