|
-
Oct 25th, 2002, 09:27 AM
#1
Thread Starter
Addicted Member
Authorising web page access
I am designing a web site that requires certain areas of the web site to be restricted. While it is necessary to have some sort of authorisation procedures, it is not necessary to go over the top. The information held in that area is not particularly sensitive - but should be held away from others.
Can anybody suggest any good techniques for securing areas of sites. The only requirement is that the user must use a logon screen to identify themselves.
BTW It is a java based site (JSP, javascript, servlets).
Thanks in advance
HD
-
Oct 26th, 2002, 08:25 AM
#2
A username and a password?
-
Oct 26th, 2002, 08:26 AM
#3
I really hope I've clearly understood your post...
You can store usernames and passwords in a database, and then verify it when the user enters these.
-
Oct 26th, 2002, 03:14 PM
#4
Thread Starter
Addicted Member
Yeah, Ok. Sorry should have explained better.
That was part of it, but the other part was that I need to make sure that authorisation is given to access the subsequent pages. I suppose my question is about how to continue to pass this data and continue to authorise the user while they are accessing an 'area' of the site.
This is a bit garbled but hopefully you know what I mean.
Thanks
HD
-
Oct 27th, 2002, 12:47 AM
#5
Right, so you want session tracking.
After the user enters the username and password, and you have verified it on the next page...
Code:
//verify.asp
//code to verify that. If the username and password are correct, you create a session var like this
<%
String abc = request.getParameter( "username" );
session.setAttribute( "sessionperson", abc );
%>
Now that you've created a session variable named 'sessionperson', you can check this on all pages of the site, for validity. Now let's say that this person clicks on a link, which goes to a page to which you wanted only authorized access. On the top of the page you put this:
Code:
//shampoo.asp
<% if len(session.getAttribute("sessionperson") > 0 then %>
ALLL your html code here
<% else
%>
This is the message unauthorized users will get if they try to access this page
<%
end if
%>
Later, when you want to 'logout' the person, you just use this
Code:
//logout.asp
<%
session.invalidate()
%>
Hope that helped, though my knowledge of JSP is severely limited.
-
Oct 28th, 2002, 04:43 AM
#6
Thread Starter
Addicted Member
Thanks for that. JSP is a little different, but not too much.
Again, thanks
HD
-
Oct 28th, 2002, 06:58 AM
#7
-
Oct 31st, 2002, 10:26 AM
#8
Thread Starter
Addicted Member
Somewhere I heard you can use Windows authentication in order to secure web pages. I've looked at setting file/folder permissions for those files you do not wish to be accessible, but this just displays a "Page not found" error when you try to access it.
If anyone can help I'm looking for a way to use Windows to authorise users. For example, when accessing a page, it displays a login dialog box for the user to complete.
Thanks again.
HD
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
