Best way to make secure logon for section of site.

Hi, What are various ways and the best way to make a secure section of a web
site?

Example:

I need two secure areas:
1.. all members, and
2.. conference attendees so that they can access presentations.
I also would like to institute forms for online membership
applications/renewals and online meeting registration.

Do I need a database? Or can I do it somehow with a text file and
javascript?...

I guess I am looking for the simplest way.

thanks,

Dan V. wrote:

Quote:

Hi, What are various ways and the best way to make a secure section of a
web site?

Using SSL (HTTPS) for communication between browsers and the server, and
some script (written by someone who knows how to write server side scripts
securely[1]) that accepts the credentials and then gives access to the
information (or otherwise). The best options (and thus the specifiecs)
generally depend on the capabilities of your server.

Quote:

Do I need a database?

No, but it makes things simpler.

Quote:

Or can I do it somehow with a text file and
javascript?...

You could using SERVER SIDE JavaScript, but that is pretty uncommon stuff.
Client side JavaScript is not usful in any way for security.


--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is

Fri, 21 Oct 2005 08:36:48 +0100 from David Dorward
<dorward (AT) yahoo (DOT) com>:

Quote:

Using SSL (HTTPS) for communication between browsers and the server, and
some script (written by someone who knows how to write server side scripts
securely[1]) that accepts the credentials and then gives access to the
information (or otherwise).

The footnote didn't come through in my copy of your article. :-)

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/
HTML 4.01 spec: http://www.w3.org/TR/html401/
validator: http://validator.w3.org/
CSS 2.1 spec: http://www.w3.org/TR/CSS21/
validator: http://jigsaw.w3.org/css-validator/
Why We Won't Help You:
http://diveintomark.org/archives/200..._wont_help_you

On Thu, 20 Oct 2005 21:30:14 -0400, "Dan V." <d@d.com> wrote:

Quote:

Hi, What are various ways and the best way to make a secure section of a web
site?

Example:

I need two secure areas:
1.. all members, and
2.. conference attendees so that they can access presentations.
I also would like to institute forms for online membership
applications/renewals and online meeting registration.

Do I need a database? Or can I do it somehow with a text file and
javascript?...

I guess I am looking for the simplest way.

If the site is running on Apache, then .htaccess files and .passwd files
are pretty simple. I presume the Infernal Infection Spreader has
something similar.

--
Stephen Poley

http://www.xs4all.nl/~sbpoley/webmatters/

Stephen Poley wrote:

Quote:

If the site is running on Apache, then .htaccess files and .passwd files
are pretty simple. I presume the Infernal Infection Spreader has
something similar.

Unless your provider for some weird reason doesn't have htaccess on...
So I used php with sessions on my own site. Just create a session based
on login credentials and use a "if session is true" to encapsulate all
content that needs protection. It's pretty easy once you get the hang of it.

On Fri, 21 Oct 2005 20:03:56 +0200, TomB
<drumscum (AT) dusk-metal (DOT) kicks-ass.org> wrote:

Quote:

Stephen Poley wrote:
If the site is running on Apache, then .htaccess files and .passwd files
are pretty simple. I presume the Infernal Infection Spreader has
something similar.

Unless your provider for some weird reason doesn't have htaccess on...
So I used php with sessions on my own site. Just create a session based
on login credentials and use a "if session is true" to encapsulate all
content that needs protection. It's pretty easy once you get the hang of it.

Probably quite a lot disable .htaccess (due to actual or feared
performance issues), but I would expect most of them not to provide PHP
either. PHP on and .htaccess off strikes me as a little unusual, but
apparently it happens!

--
Stephen Poley

http://www.xs4all.nl/~sbpoley/webmatters/

On Fri, 21 Oct 2005, Stephen Poley wrote:

Quote:

Probably quite a lot disable .htaccess (due to actual or feared
performance issues), but I would expect most of them not to provide PHP
either. PHP on and .htaccess off strikes me as a little unusual, but
apparently it happens!

Some service providers have weird ideas, it seems. I dealt with one
chap whose service provider allowed him to provide his own CGI
scripts, but didn't allow the configuration entry for a simple 301
redirection!

So he was writing a CGI script whose only purpose, on being cranked
laboriously into action, was to emit an HTTP 301 redirection status
and Location: URL. Sigh.