Re: Web site authentication -- WEB400

Subject: Re: Web site authentication
From: "Raul A. Jager W." <raul@xxxxxxxxxx>
Date: Tue, 28 Aug 2007 08:48:39 -0400
List-archive: <http://archive.midrange.com/web400>
List-help: <mailto:web400-request@midrange.com?subject=help>
List-id: Web Enabling the AS400 / iSeries <web400.midrange.com>
List-post: <mailto:web400@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/web400>, <mailto:web400-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/listinfo/web400>, <mailto:web400-request@midrange.com?subject=unsubscribe>

For most we use the "Basic" autentication, but in a proyect to enable clients to access the system I'm using a file with the e-mail as key and the password as an encription key.
When the user tipes the proper password, the data gest decripted ok, otherwise there is no way to recover the password (at least I think so, except for exaustive trial).

Walden H. Leverich wrote:

Mike,

All the apps we're doing use our own authentication, specifically we're
checking "username" and "password" in a table that represents the
customer/vendors/users/etc. We've found that to be the most flexible
since it allows us to record any attributes about the login we care to
such as enabled/disabled, force password change, invalid attempts, last
login date/time/ip, etc.

As for session management, we're using a browser-cookie to record
"session", but I'm curious what you mean by "persistent sessions".

-Walden

As an Amazon Associate we earn from qualifying purchases.

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.