Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw

Re: Re: Mixing IP and password authentication

by jest (Pilgrim)
on Jan 18, 2004 at 00:03 UTC ( #322114=note: print w/replies, xml ) Need Help??

in reply to Re: Mixing IP and password authentication
in thread Mixing IP and password authentication

That's not fine-grained enough; as I said in my original post, it's not a simple yes or no. I might have several scripts in a particular directory which have differing levels of initial permissions, so a directory-level auth via Apache wouldn't work. Or other things along those lines.

  • Comment on Re: Re: Mixing IP and password authentication

Replies are listed 'Best First'.
Re: Re: Re: Mixing IP and password authentication
by waswas-fng (Curate) on Jan 18, 2004 at 00:10 UTC
    I am not saying use directory level permissions. My post does not assume a simple level of yes or no auth. I am saying use a session. If the user connects without a valid session pass him the the session creator. If the has access to the base app (via IP or whatever your base auth level is), then grant him a session and redirect back to the page he tried to hit. If the user then needs expanded access have a login page that verifies whatever auth you want and grants auth level tokens and stores them in his current session. This resolves the base users from getting user/pass auths while still allowing you to have fine grained auth privs for advanced users. Then your cgi can take a look at the session and form the pages and options to something that is acceptable for the auth privs that the session grants. Make sense?


Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://322114]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (5)
As of 2022-01-17 16:08 GMT
Find Nodes?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:

    Results (51 votes). Check out past polls.