[snip]
I've got a bit lost on this, but assuming that we are talking about an
intranet enviornment, with windows/IE6 clients, and apache servers, then
personally:
I would check logins based on a valid session. If the user doesn't have
a session they aren't logged in. Store the username in the ses
Quoting Rory Browne <[EMAIL PROTECTED]>:
I've got a bit lost on this, but assuming that we are talking about an
intranet enviornment, with windows/IE6 clients, and apache servers, then
personally:
I would check logins based on a valid session. If the user doesn't have a
session they aren't logg
I've got a bit lost on this, but assuming that we are talking about an
intranet enviornment, with windows/IE6 clients, and apache servers, then
personally:
I would check logins based on a valid session. If the user doesn't have a
session they aren't logged in. Store the username in the session var
Quoting Jochem Maas <[EMAIL PROTECTED]>:
Rick Emery wrote:
Okay, I'm following all of this. So I could take, say, the username
reversed and encode it, then decode it in the PHP application,
and be
I wouldn't do it like that
instead stick the username in the cookie in plaintext and
Rick Emery wrote:
Quoting [EMAIL PROTECTED]:
You could just store a username, since they have already authenticated,
but a cookie with just a username would be easy to duplicate. My current
thought is to hash a checksum of some sort and storing that in the
cookie as well. That way you avoid the
Quoting [EMAIL PROTECTED]:
You could just store a username, since they have already authenticated,
but a cookie with just a username would be easy to duplicate. My current
thought is to hash a checksum of some sort and storing that in the
cookie as well. That way you avoid the username only prob
[snip]
First, let me apologize for having to take it to a basic level. I'll
admit that I'm fairly new to web development, but this is something I
could *really* use at work and I want to make sure I understand (just
to set the stage, we use Windows/Active Directory/MS SQL Server at
work, bu
Quoting [EMAIL PROTECTED]:
[snip]
Couldn't I write my own cookie to fool the authentication into
thinking I'm somebody else?
[/snip]
I suppose that you could do that if you were savvy enough to realize
that automatic login to the intranet used a cookie for authentication
and you knew how to for
[snip]
> We are sitting here having a discussion on login techniques and I cam
up
> with a thought...why not have a login script write a cookie that then
> coulod be read by PHP and compared against the AD via LDAP? Does
anyone
> see any gotcha's with that kind of process?
Couldn't I write my own
Quoting [EMAIL PROTECTED]:
[snip]
As far as I can tell you will have to ask the user to login at the web
application level again, but you can verify it against your AD via LDAP
with the basic stuff from http://www.php.net/ldap
[/snip]
We are sitting here having a discussion on login techniques
[snip]
As far as I can tell you will have to ask the user to login at the web
application level again, but you can verify it against your AD via LDAP
with the basic stuff from http://www.php.net/ldap
[/snip]
We are sitting here having a discussion on login techniques and I cam up
with a thought...
11 matches
Mail list logo
