[Buffalo-pm] User Management + Session Management

Vikas vvikas at cse.Buffalo.EDU
Tue Aug 12 11:21:22 CDT 2003 

Thanks Andrew. I have a better feel of the topic now and will start
working on the implementation aspect.

Regards,
Vikas.

On Mon, 11 Aug 2003, Potozniak, Andrew wrote:

> You might want to take this approach:
>
> Have a login script that accepts a user name and password that goes against
> a database table with user name and password information in it.  (Side note:
> Don't forget to password protect your databases.)  Authenticate the user and
> store some session information.  The way you store session information is up
> to you.  You can store it as a cookie (not reccomended), as session
> variables, you could figure out a way to store information in a file on the
> server, or some other way you think up.
>
> The one thing you would have to do is at the beginning of every script is to
> check if the user has logged in or not through checking the "session"
> variables that you have set up.  If the user has not logged in then you
> should send them to an unauthorized error page, and if the user is
> authorized then the script should go on it's happy way and run.
>
> This may sound a bit vauge but I tried to abstract away from any definites
> because the implementation of authorized access is up to you.  If anyone
> else has any insights on this please respond, as I would like to know
> different approaches to this problem.
>
> -------------------------------------------------------------
> Andrew Potozniak
> Administrative Computing
> Student Assistant
> State University of New York at Buffalo
> -------------------------------------------------------------
>
> "All that is visible must grow beyond itself; extend into the realm of the
> invisible."  (TRON 1982)
>
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.gnu.org/philosophy/no-word-attachments.html
>
>
> > -----Original Message-----
> > From: Vikas [mailto:vvikas at cse.Buffalo.EDU]
> > Sent: Monday, August 11, 2003 10:26 AM
> > To: Potozniak, Andrew
> > Cc: buffalo-pm at mail.pm.org
> > Subject: RE: [Buffalo-pm] User Management + Session Management
> >
> >
> > Sorry but you cannot view it .. its running on internal network.
> >
> > But its just a bunch of cgi programs (no mod_perl), just plain cgi ...
> >
> > and we need to do that over and above all this ...basically
> > this will help
> > data management for users.
> >
> >
> >
> > On Mon, 11 Aug 2003, Potozniak, Andrew wrote:
> >
> > > Do you have the existing software up and running in a place
> > that we could
> > > view it?
> > >
> > > -------------------------------------------------------------
> > > Andrew Potozniak
> > > Administrative Computing
> > > Student Assistant
> > > State University of New York at Buffalo
> > > -------------------------------------------------------------
> > >
> > > "All that is visible must grow beyond itself; extend into
> > the realm of the
> > > invisible."  (TRON 1982)
> > >
> > >
> > > -----Original Message-----
> > > From: Vikas [mailto:vvikas at cse.Buffalo.EDU]
> > > Sent: Monday, August 11, 2003 10:13 AM
> > > To: Potozniak, Andrew
> > > Cc: buffalo-pm at mail.pm.org
> > > Subject: RE: [Buffalo-pm] User Management + Session Management
> > >
> > >
> > > Dear Andrew,
> > >
> > > Actually I have to implement a user management layer
> > through which people
> > > can login and save data to their account and logout. There
> > needs to be a
> > > quota limit to restrict misuse. All this needs to be done
> > in Perl/CGI.
> > >
> > > Since the  software already exists and this user management
> > has to go
> > > above it, I need to find some way of not changing the code
> > too much and
> > > implement this thing.
> > >
> > > Any help with design of the framework would be very nice as
> > I don't want
> > > to leave some security loophole or miss something which may
> > cost a lot to
> > > change later on.
> > >
> > > Thanks.
> > >
> > > Regards,
> > > Vikas.
> > >
> > > On Mon, 11 Aug 2003, Potozniak, Andrew wrote:
> > >
> > > > I might be able to help you out with this as I have done
> > something similar
> > > > in ASP before.  The concepts are the same and the only
> > difference is the
> > > > language that you would be doing this in.  What exactly
> > are you trying to
> > > do
> > > > as your e-mail wasn't too descriptive.
> > > >
> > > > -------------------------------------------------------------
> > > > Andrew Potozniak
> > > > Administrative Computing
> > > > Student Assistant
> > > > State University of New York at Buffalo
> > > > -------------------------------------------------------------
> > > >
> > > > "All that is visible must grow beyond itself; extend into
> > the realm of the
> > > > invisible."  (TRON 1982)
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Vikas [mailto:vvikas at cse.buffalo.edu]
> > > > Sent: Sunday, August 10, 2003 1:18 PM
> > > > To: buffalo-pm at mail.pm.org
> > > > Subject: [Buffalo-pm] User Management + Session Management
> > > >
> > > >
> > > > hi,
> > > >
> > > > I am trying to implement a user management system for a
> > web based software
> > > > using Perl/CGI. I have MySQL as the backend. After a
> > brief study I guess
> > > > CGI::Session + Template Toolkit seems to be a good
> > combination but the
> > > > user database design seems to have a lot of parameters.
> > Can any one give
> > > > me pointers in the direction of developing this kind of
> > system. I looked
> > > > at a software called BURP but not great help.
> > > >
> > > > The system has user registration, login, quota, storage space etc.
> > > >
> > > > Thanks.
> > > >
> > > > Regards,
> > > > Vikas.
> > > > _______________________________________________
> > > > Buffalo-pm mailing list
> > > > Buffalo-pm at mail.pm.org
> > > > http://mail.pm.org/mailman/listinfo/buffalo-pm
> > > >
> > >
> > > ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > > Vikas
> > > Department of Computer Science & Engineering
> > > State University of New York, University at Buffalo
> > > Buffalo, NY 14260
> > > http://www.cse.buffalo.edu/~vvikas
> > > ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > >
> >
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > Vikas
> > Department of Computer Science & Engineering
> > State University of New York, University at Buffalo
> > Buffalo, NY 14260
> > http://www.cse.buffalo.edu/~vvikas
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
>

++++++++++++++++++++++++++++++++++++++++++++++++++++
Vikas
Department of Computer Science & Engineering
State University of New York, University at Buffalo
Buffalo, NY 14260
http://www.cse.buffalo.edu/~vvikas
++++++++++++++++++++++++++++++++++++++++++++++++++++

More information about the Buffalo-pm mailing list