[nycphp-talk] In hind sight
Michele Waldman
mmwaldman at nyc.rr.com
Fri Feb 6 19:21:24 EST 2009
BTW:
Guys,
I’m drinking now. Final post before taking vacation. Yeahhhhhh! My first
major website. I did a Zencart before, but never homespun like this. I,
typically, modify E. Indian made websites.
My implementation is a spin on:
http://www.berenddeboer.net/rest/authentication.html
There’s an Opera and Safari kink to iron out. So, they are not working.
Because I can’t use this implementation without validating the account
before logging in with ajax, I use php session variables for security outside
the account. It validates the user has correctly answered captchas and
security question and validates the security question id is correct before
responding that the login information is valid. I use this on all pages trying
to login or send email to reduce the chances of robots getting anywhere.
However, once inside I only use that approach when modifying the user’s
info. The rest depends entirely on mod_auth_digest/mysql, my version. That
means I don’t have to modify every single php file with authentication
checks.
I hooked up with a guy on the apache mailing list that gave me the final
piece of the puzzle to prevent login dialog popups.
I know I followed a lot of wrong tangents at points and people may think I’m
lost, but it’s tight now.
If you don’t have one million hits a day, once Opera and Safari get on
board, I welcome you to check it out.
Yeaaaaaaaaahhhhhhhhhhhhhhhh! I’m done!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Going
live!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Michele
_____
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Michele Waldman
Sent: Friday, February 06, 2009 8:42 AM
To: 'NYPHP Talk'
Subject: Re: [nycphp-talk] In hind sight
Sure thing. My hindsight was wrong. I definitely needed this
implementation. I can’t log out in ajax with basic. I always second guess
myself. Keeps me in check.
Good news for you guys. I’m taking vacation to recuperate from the 15-18
hour days I’ve been working on and off over the last 2 ½ months. I should
be posting for at least a month.
_____
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Elijah Insua
Sent: Friday, February 06, 2009 12:13 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] In hind sight
Michele,
just as a suggestion for the future.. could you keep all of these in the
same thread?
Thanks,
-- Elijah
2009/2/5 Peter Sawczynec <ps at blu-studio.com>
Sigh.
Warmest regards,
Peter Sawczynec
Technology Dir.
blūstudio
941.893.0396
ps at blu-studio.com <mailto:ps at sun-code.com>
www.blu-studio.com
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Michele Waldman
Sent: Thursday, February 05, 2009 5:47 PM
To: 'NYPHP Talk'
Subject: [nycphp-talk] In hind sight
In hindsight, I could have used mod_auth_mysql just as well as
mod_auth_digest/mysql using htaccess the way I do now.
Duh! But, it's considered more secure. So, no loss.
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/show_participation.php