Re: [SLUG] Passwords on the web

From: Chad Perrin (perrin@apotheon.com)
Date: Fri Sep 24 2004 - 13:18:01 EDT


Bryan J. Smith wrote:
> On Thu, 2004-09-23 at 23:41, Paul M Foster wrote:
>
>>I've got to provide a low-security password scheme for a customer
>>website. The customer has an xBase database on the site which will
>>contain usernames and passwords. We aren't going to bother with SSL
>
>
> Considering it is fairly transparent, I'm curious why not?
> Performance?
>
>
>>or try to avoid having passwords in the clear. The users will be in the
>>hundreds and will change from week to week. The access being managed
>>isn't important enough to have a bulletproof system. We're only
>>restricting access to certain webpages.
>>Most of the ways I've seen to manage this are too cumbersome. For
>>example, using .htaccess and .htpasswd files under HTTP would be nearly
>>impossible, given the above parameters (for example, hundreds of
>>constantly changing users).
>>Has anyone seen a good solution, limited to CGI, Python or PHP?
>
>
> I don't see why you can't use the .htaccess files with at least digest
> authentication. You can manage the .htaccess file externally.
>
> Or you could also tap an external method for authentication directly.
> There are countless packages or vendor solutions to do this.
>
>

I suspect they don't want to pay for SSL management with a webhost, and
it's possible that they don't have easy access to .htaccess files by way
of (for instance) PERL/CGI scripts (which would be the simple way to
manage .htaccess permissions through a web interface).

Still, a reasonably secure permissions system can be written in either
PERL (for the cgi-bin) or PHP without too much difficulty. Unless
you're planning on running most of the site through the cgi-bin, though,
I'd probably recommend using PHP for this task. PHP actually includes
some tools specifically for designing secure access management into a
website, and they work fairly well.
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
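The externally managed .htaccess/digest route Bryan suggests, worked through as an added example (this is not code from anyone in the thread): a script that rebuilds Apache's .htdigest file from the customer's user table whenever it changes, so hundreds of weekly turnover users are no more work than two. It assumes Apache's mod_auth_digest and its "user:realm:HA1" file format, where HA1 is the hex MD5 of "user:realm:password"; the realm name, file path and user list are made up for the example.

```python
"""Regenerate an Apache .htdigest file from a user table.

Added example for the thread above, not code from the original post.
Assumptions: Apache mod_auth_digest, AuthUserFile pointing at the file
written here, AuthName equal to REALM, and a user table the script can
read (here a constructed in-memory list standing in for the xBase table).
"""
import hashlib
import hmac
import os
import tempfile

REALM = "members"  # assumed realm; must match AuthName in .htaccess exactly

# Constructed sample of the customer's user table: (username, password).
SAMPLE_USERS = [
    ("alice", "correct horse battery staple"),
    ("bob", "hunter2"),
]


def digest_ha1(user: str, realm: str, password: str) -> str:
    """HA1 as mod_auth_digest expects it: hex MD5 of "user:realm:password"."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()


def render_htdigest(users, realm: str = REALM) -> str:
    """Build the file body: one "user:realm:HA1" line per user."""
    if ":" in realm:
        raise ValueError("realm must not contain ':'")
    lines = []
    for user, password in users:
        # A ':' in the username would let one record masquerade as another.
        if ":" in user or not user:
            raise ValueError(f"invalid username {user!r}")
        lines.append(f"{user}:{realm}:{digest_ha1(user, realm, password)}")
    return "\n".join(lines) + "\n"


def write_htdigest(path: str, users, realm: str = REALM) -> None:
    """Write to a temp file in the same directory, then rename over the
    target, so Apache never reads a half-written file mid-update."""
    directory = os.path.dirname(os.path.abspath(path)) or "."
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".htdigest.")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(render_htdigest(users, realm))
        os.chmod(tmp, 0o640)  # readable by the web server's group only
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def verify_password(htdigest_text: str, user: str, realm: str, password: str) -> bool:
    """Check a credential against the file body the way the server would.

    HA1 is enough to verify a password without storing it in the clear,
    which also means HA1 is a password-equivalent for this realm: the
    file must live outside the document root and never be web-readable.
    """
    expected = digest_ha1(user, realm, password)
    for line in htdigest_text.splitlines():
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue
        if parts[0] == user and parts[1] == realm:
            return hmac.compare_digest(parts[2], expected)
    return False


if __name__ == "__main__":
    target = os.path.join(tempfile.gettempdir(), "example.htdigest")
    write_htdigest(target, SAMPLE_USERS)
    with open(target, encoding="utf-8") as fh:
        print(fh.read())
```

Pair it with an .htaccess of AuthType Digest, AuthName "members", AuthUserFile pointing at the generated file, and Require valid-user, and run the script from whatever page edits the user table. Digest keeps the password itself off the wire on plain HTTP, but nothing about the protected pages is hidden from a sniffer, and the unsalted MD5 entries in the file fall quickly to an offline guess if the file leaks, which is the trade-off being accepted when SSL is off the table.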



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:00:44 EDT