
I have written a web-site using CuteSite Builder and would now like to have a page for members only. The programme offers page password protection with php and/or asp. I have tried to load these via the HTML insertion feature but nothing seems to work. Any advice welcomed. (Windows XP/3) Ta, Tez

Last Post by benivere

One simple way is to use database tables for users and user authentication. User authentication is a token created by your stored procedures / PHP code.

You can either store the authentication within the HTML page (required if the user has disabled cookies, in which case consider HTTPS), or the PHP global session array. As the user requests a web page, the code attempts to retrieve the user authentication token, which is the key to unlocking the restricted content. You can also enhance your security by making the user token a parameter to your stored procedures so your backend code can help enforce authorization and timeouts.

In your stored procedures, make sure all access to restricted content is prefaced by a call to a ValidateAuthentication stored procedure, which both validates the token and "touches" the timer so a timeout value can be set and enforced (mostly a security issue, ensuring someone doesn't accidentally leave a browser open for lengthy periods, and for helping avoid hacking attempts that might lag).

Note the encouragement to use stored procedures. This provides extra protection from code injection and makes sure that all client applications follow the same rules for content access.

It takes a few steps, but proves useful for implementing application based security.

There are other methods, of course. This method places the burden, and the flexibility, of managing access to restricted content within the control of your application (using database parameters in the above case).

Hope this helps.
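
The validate-and-touch check described in the reply above, as an added example that is not part of the original post: a PHP function plays the role of the ValidateAuthentication stored procedure and uses prepared statements throughout. The table and column names, the 15-minute timeout, the hashing of stored tokens and the in-memory SQLite database (used so the script runs offline with the pdo_sqlite extension) are assumptions.

```php
<?php
// Added example. Table and column names, the 15-minute timeout and the
// SQLite in-memory database (standing in for the real server) are assumptions.
const IDLE_TIMEOUT = 900; // seconds of inactivity allowed

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE auth_tokens (token_hash TEXT PRIMARY KEY,
               user_id INTEGER NOT NULL, last_seen INTEGER NOT NULL)');
    return $db;
}

// Called after a successful login: returns a random token for the session
// and stores only its SHA-256 hash, so a leaked table cannot be replayed.
function issueToken(PDO $db, int $userId, int $now): string {
    $token = bin2hex(random_bytes(32));
    $st = $db->prepare('INSERT INTO auth_tokens VALUES (?, ?, ?)');
    $st->execute([hash('sha256', $token), $userId, $now]);
    return $token;
}

// Role of the ValidateAuthentication procedure: one UPDATE both checks the
// token and touches the timer, and only succeeds inside the idle window.
function validateAuthentication(PDO $db, string $token, int $now): ?int {
    $hash = hash('sha256', $token);
    $st = $db->prepare('UPDATE auth_tokens SET last_seen = ?
                        WHERE token_hash = ? AND last_seen >= ?');
    $st->execute([$now, $hash, $now - IDLE_TIMEOUT]);
    if ($st->rowCount() !== 1) {
        // Unknown or expired: remove any stale row and deny access.
        $db->prepare('DELETE FROM auth_tokens WHERE token_hash = ?')->execute([$hash]);
        return null;
    }
    $st = $db->prepare('SELECT user_id FROM auth_tokens WHERE token_hash = ?');
    $st->execute([$hash]);
    return (int) $st->fetchColumn();
}

// Constructed walk-through with fixed clock values (a real page would pass time()
// and keep the token in $_SESSION or a Secure, HttpOnly cookie).
$db = openDb();
$token = issueToken($db, 42, 1000000);
var_dump(validateAuthentication($db, $token, 1000600));  // 600 s idle
var_dump(validateAuthentication($db, $token, 1001400));  // 800 s since last touch
var_dump(validateAuthentication($db, $token, 1002400));  // 1000 s idle
var_dump(validateAuthentication($db, 'forged-token', 1002400)); // never issued
var_dump(validateAuthentication($db, $token, 1002401));  // row was deleted on expiry
```

A members-only page would call `validateAuthentication()` before producing any output and redirect to the login form when it returns `null`.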
