[Buffalo-pm] User Management + Session Management

Potozniak, Andrew acp7 at citmail.buffalo.edu
Mon Aug 11 10:59:00 CDT 2003


You might want to take this approach:

Have a login script that accepts a user name and password that goes against
a database table with user name and password information in it.  (Side note:
Don't forget to password protect your databases.)  Authenticate the user and
store some session information.  The way you store session information is up
to you.  You can store it as a cookie (not recommended), as session
variables, you could figure out a way to store information in a file on the
server, or some other way you think up.

The one thing you would have to do at the beginning of every script is to
check if the user has logged in or not through checking the "session"
variables that you have set up.  If the user has not logged in then you
should send them to an unauthorized error page, and if the user is
authorized then the script should go on its happy way and run.

This may sound a bit vague but I tried to abstract away from any definites
because the implementation of authorized access is up to you.  If anyone
else has any insights on this please respond, as I would like to know
different approaches to this problem.

-------------------------------------------------------------
Andrew Potozniak
Administrative Computing
Student Assistant
State University of New York at Buffalo
-------------------------------------------------------------

"All that is visible must grow beyond itself; extend into the realm of the
invisible."  (TRON 1982)

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html


> -----Original Message-----
> From: Vikas [mailto:vvikas at cse.Buffalo.EDU]
> Sent: Monday, August 11, 2003 10:26 AM
> To: Potozniak, Andrew
> Cc: buffalo-pm at mail.pm.org
> Subject: RE: [Buffalo-pm] User Management + Session Management
> 
> 
> Sorry but you cannot view it .. it's running on internal network.
> 
> But it's just a bunch of cgi programs (no mod_perl), just plain cgi ...
> 
> and we need to do that over and above all this ... basically this will help
> data management for users.
> 
> 
> 
> On Mon, 11 Aug 2003, Potozniak, Andrew wrote:
> 
> > Do you have the existing software up and running in a place that we could
> > view it?
> >
> > -------------------------------------------------------------
> > Andrew Potozniak
> > Administrative Computing
> > Student Assistant
> > State University of New York at Buffalo
> > -------------------------------------------------------------
> >
> > "All that is visible must grow beyond itself; extend into the realm of the
> > invisible."  (TRON 1982)
> >
> >
> > -----Original Message-----
> > From: Vikas [mailto:vvikas at cse.Buffalo.EDU]
> > Sent: Monday, August 11, 2003 10:13 AM
> > To: Potozniak, Andrew
> > Cc: buffalo-pm at mail.pm.org
> > Subject: RE: [Buffalo-pm] User Management + Session Management
> >
> >
> > Dear Andrew,
> >
> > Actually I have to implement a user management layer through which people
> > can login and save data to their account and logout. There needs to be a
> > quota limit to restrict misuse. All this needs to be done in Perl/CGI.
> >
> > Since the software already exists and this user management has to go
> > above it, I need to find some way of not changing the code too much and
> > implement this thing.
> >
> > Any help with design of the framework would be very nice as I don't want
> > to leave some security loophole or miss something which may cost a lot to
> > change later on.
> >
> > Thanks.
> >
> > Regards,
> > Vikas.
> >
> > On Mon, 11 Aug 2003, Potozniak, Andrew wrote:
> >
> > > I might be able to help you out with this as I have done something similar
> > > in ASP before.  The concepts are the same and the only difference is the
> > > language that you would be doing this in.  What exactly are you trying to
> > > do as your e-mail wasn't too descriptive.
> > >
> > > -------------------------------------------------------------
> > > Andrew Potozniak
> > > Administrative Computing
> > > Student Assistant
> > > State University of New York at Buffalo
> > > -------------------------------------------------------------
> > >
> > > "All that is visible must grow beyond itself; extend into the realm of the
> > > invisible."  (TRON 1982)
> > >
> > >
> > > -----Original Message-----
> > > From: Vikas [mailto:vvikas at cse.buffalo.edu]
> > > Sent: Sunday, August 10, 2003 1:18 PM
> > > To: buffalo-pm at mail.pm.org
> > > Subject: [Buffalo-pm] User Management + Session Management
> > >
> > >
> > > hi,
> > >
> > > I am trying to implement a user management system for a web based software
> > > using Perl/CGI. I have MySQL as the backend. After a brief study I guess
> > > CGI::Session + Template Toolkit seems to be a good combination but the
> > > user database design seems to have a lot of parameters. Can anyone give
> > > me pointers in the direction of developing this kind of system. I looked
> > > at a software called BURP but not great help.
> > >
> > > The system has user registration, login, quota, storage space etc.
> > >
> > > Thanks.
> > >
> > > Regards,
> > > Vikas.
> > >
> >
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > Vikas
> > Department of Computer Science & Engineering
> > State University of New York, University at Buffalo
> > Buffalo, NY 14260
> > http://www.cse.buffalo.edu/~vvikas
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
> 
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
> Vikas
> Department of Computer Science & Engineering
> State University of New York, University at Buffalo
> Buffalo, NY 14260
> http://www.cse.buffalo.edu/~vvikas
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
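
The flow described in the reply at the top of this message (a login script that checks a user table, then a check at the start of every script), written out with CGI::Session and DBI as an added example that is not code from anyone in the thread. The table users(name, pw_hash), its crypt(3)-format hashes, the session directory and the function names login and require_login are assumptions.

```perl
use strict;
use warnings;
use CGI;
use CGI::Session;
use DBI;

# Assumptions: file-backed sessions in a directory the web server cannot
# serve, and a hypothetical table users(name, pw_hash) with crypt(3) hashes.
my $DSN  = 'driver:file';
my %ARGS = (Directory => '/var/lib/myapp/sessions');

# login.cgi calls this. Returns the new session, or undef on bad credentials.
sub login {
    my ($q, $dbh) = @_;
    my $user = $q->param('user') // '';
    my $pass = $q->param('pass') // '';
    # The placeholder (?) keeps the submitted name out of the SQL text.
    my ($stored) = $dbh->selectrow_array(
        'SELECT pw_hash FROM users WHERE name = ?', undef, $user);
    return unless defined $stored;
    my $try = crypt($pass, $stored);   # stored hash carries scheme and salt
    return unless defined $try && $try eq $stored;

    # Discard any session the browser presented, so an id planted before
    # login cannot become the authenticated one, then start a fresh session.
    my $old = CGI::Session->load($DSN, $q, \%ARGS);
    if ($old && !$old->is_empty) { $old->delete; $old->flush; }
    my $s = CGI::Session->new($DSN, $q, \%ARGS) or die CGI::Session->errstr;
    $s->param(user => $user);   # stays on the server; only the id is sent
    $s->expire('+30m');         # idle timeout
    $s->flush;
    return $s;
}

# First call in every protected script: returns the session, or ends the
# request with 403 before any application code runs.
sub require_login {
    my ($q) = @_;
    my $s = CGI::Session->load($DSN, $q, \%ARGS);   # load() never creates one
    if (!$s || $s->is_empty || !defined $s->param('user')) {
        print $q->header(-status => '403 Forbidden', -type => 'text/plain');
        print "Not logged in.\n";
        exit;
    }
    return $s;
}

# Top of an existing script:
#   my $q = CGI->new;
#   my $s = require_login($q);
#   print $s->header;   # sends the session cookie, then the script runs as before
```

Because the check is a single call at the top of each script, it can be added to existing plain CGI programs without touching the rest of their code.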


