|  | Posted by Phil Coen on 06/16/34 11:21 
I have never tried to build a web site to restrict users.  Before, I alwayswanted everyone to be able to get to everything that I put on one of my
 sites.  So now I am trying to write (actually just to learn to write) a
 site with a passworded front door.  That is to say, you don't get in
 without the password. Not a thermonuclear secure site proof against
 crackers, the CIA and so forth - just a site with authorization needed.
 Kind of like they do at online newspapers.
 
 Right now it is the concept that I am needing.  I spent the day in the
 bookstore trying to find a book on the subject but no dice.  All web
 building books just concern themselves with fancy HTML concepts and PHP
 books just on using the language.  Apache books have quite a few chapters
 on security, but only from the standpoint of preventing deep cracking, open
 proxies, etc.  Could find none that were concerned with how to actually
 build one.  Ok, so back to figuring it out.
 
 One way that worked is to check (after the login in screen) the
 PHP_AUTH_USER and PHP_AUTH_PW at the start of every module that I call.
 Works ok, but seems to be a kludge.
 
 The method that I am trying now is to put everything past the login module
 into a subdir, put authorized users into a Linux group, and give access to
 that group.  But so far the examples of passing the user and password from
 PHP to the Linux server aren't working.  Or rather to say that I haven't
 made it work yet.  Well, actually I can do it with Perl easily, but that
 isn't the point and I will never learn PHP if I go back and use what I
 already know.
 
 More reading to do.  Fortunately, just before I clicked the print button I
 realised the the official PHP manual is 3300 and so pages!!!  So much for
 taking the manual to the hammock for some comfortable reading.   :-)
 
 Insights anyone?
 
 Thanks
 Phil
  Navigation: [Reply to this message] |