Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

Re: Mixing IP and password authentication

by waswas-fng (Curate)
on Jan 17, 2004 at 22:55 UTC ( #322097=note: print w/replies, xml ) Need Help??


in reply to Mixing IP and password authentication

Use a session. Everyone who access via a allowed IP can use the system. Users that need a elevated access, need to click on a login link that auths them then changes the session keys to show they are elevated.


-Waswas
  • Comment on Re: Mixing IP and password authentication

Replies are listed 'Best First'.
Re: Re: Mixing IP and password authentication
by jest (Pilgrim) on Jan 18, 2004 at 00:03 UTC

    That's not fine-grained enough; as I said in my original post, it's not a simple yes or no. I might have several scripts in a particular directory which have differing levels of initial permissions, so a directory-level auth via Apache wouldn't work. Or other things along those lines.

      I am not saying use directory level permissions. My post does not assume a simple level of yes or no auth. I am saying use a session. If the user connects without a valid session pass him the the session creator. If the has access to the base app (via IP or whatever your base auth level is), then grant him a session and redirect back to the page he tried to hit. If the user then needs expanded access have a login page that verifies whatever auth you want and grants auth level tokens and stores them in his current session. This resolves the base users from getting user/pass auths while still allowing you to have fine grained auth privs for advanced users. Then your cgi can take a look at the session and form the pages and options to something that is acceptable for the auth privs that the session grants. Make sense?


      -Waswas

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://322097]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (4)
As of 2022-05-18 07:16 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Do you prefer to work remotely?



    Results (68 votes). Check out past polls.

    Notices?