|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
#1
June 4th, 2001, 03:07 PM
|
|||
|
|||
|
Password protecting a website
Hi,
I work at a website design company. We are currently developing a site that requires a password-protected Member section. A site done at this company before I started working here has a page that is password protected in theis manner: The page is a ColdFusion template with an HTML form that requires you to enter a username and password. The username and password are checked by querying a database that contains the usernames and passwords. If the the username and password entered in the form match both fields in a given record in the database, the template writes a cookie on the client machine and allows them to continue to browse the site. Is this a secure way of implementing password protection? All of the information I have seen regarding this talks about HTTP Authentication, which is obviously not employed in this scheme. Any information appreciated, thanks.
|
|
#2
June 4th, 2001, 09:38 PM
|
|||
|
|||
|
htaccess?
You could use htaccess. For how-to and info, goto
http://www.perlaccess.com/tutorials/8/8.3.html
|
|
#3
June 5th, 2001, 07:22 AM
|
|||
|
|||
|
Password protecting a website
Yoey-
Thanks for your post, but I think you missed the point of my problem -- I guess I should have explained the situation in greater detail... At the company I work at, we have been developing sites with ColdFusion and Access and everything has been hosted on an NT server accordingly. Now we are doing a site that requires a password protected members area, but my boss wants to keep using ColdFusion and Access. I did some research on the password protection issue and everything was telling me that I needed to be on a Unix system and use HTTP Basic Authentication, as you suggested. When I told my boss about this he told me that he already had a site with password protection, hosted on his NT server. So I took a look at what he was talking about and I'll describe it now in a little more detail. There is a page on the site, a ColdFusion template, with a textbox for username and one for password. You type in your username and password and click submit, then the template queries and Access database containing usernames and passwords. The SQL statement that forms the query has a WHERE clause that says WHERE username = form.username AND password = form.password, so if the user types in a valid username and password a record is returned by the query. There is then code in the template that tests to see if a record was returned; if there is, it sets a cookie on the user's machine and allows them to continue browsing; if a record is not returned, indicating that the user did not enter a username and password that are in the database, they are redirected. My question was: is that scheme secure?
|
|
#4
June 10th, 2001, 12:05 PM
|
|||
|
|||
|
Re: Password protecting a website
Quote:
If You use a diagram to encrypt the password in the coockies then it should be secure... at least 99%....
|
|
| Viewing: Dev Shed Forums > Web Hosting > Web Hosting > Password protecting a website |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
 |
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
