Dumb Question Regarding Password & Sessions
| Dumb Question 2005-03-21, 6:52 pm |
| Okay...I can't figure this one out but then again I'm not
much of a programmer.
I have a website that the security is constructed in this
manner:
Login Page - Submits to Validation Page
Validation Page - Checks database for User/Password
Verified users are passed to the requested URL.
I have 1 database with:
1 records table
1 Admin LogIN
1 Client LogON
The Admin can edit records and perform Admin duties with
no problems.
Clients can log on and view account info by entering
their account name.
The problem is even though the two LOGIN (Admin) & LOGON
(Client) pages are validating the user/pass out of
different tables...once validated the Client can click
the Admin LOGIN link and become the Admin...obviously
this will not work...sooo
The dumb question is ...how do I fix this mess ?
Would placing the Client page in a different directory
make a difference..etc?
Thanks
| |
| Kevin Spencer 2005-03-21, 6:52 pm |
| The problem with your question is that you have enumerated the business
requirements of your app, but nothing about the app itself. There are all
kinds of ways to do security, and all kinds of programming technologies to
do them with. Describing the interface of an application tells you about as
much about the app as describing the part of an iceberg that you can see
tells you about the iceberg.
For example, is this ASP, PHP, CGI, CF, or what? And HOW does it work?
--
HTH,
Kevin Spencer
Microsoft MVP
.Net Developer
What You Seek Is What You Get.
| |
| Dumb Question 2005-03-21, 6:52 pm |
| "Enumerated", impressive Kevin...MVP.
| |
| Mike Mueller 2005-03-21, 6:52 pm |
| I am going to guess that you are using the standard ASP-based
validation: you get a username and password from a
form, check it against the database, and give a session
variable to those who pass the test. Your secured pages
have an ASP script which checks for the session variable.

I use that same basic method, as do countless others. What
I added was a field in the table for security level. This
would be either admin or client. On the validate page the
SQL statement pulls that value and places it into the
variable. Then the secured pages can tell if it is a client
or an admin when it checks.
| |
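The security-level approach from Mike Mueller's reply, as an added example that is not code from the thread. The thread never confirms the site's platform, so the flow is modelled in Python with a dict standing in for the session; the table layout, user names, passwords, and the assumption that the original pages only check for a "logged in" marker are all constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed sample data: one users table carrying a security_level column."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB,"
               " pw_hash BLOB, security_level TEXT)")
    for name, pw, level in [("alice", "admin-pw", "admin"),
                            ("bob", "client-pw", "client")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                   (name, salt, hash_pw(pw, salt), level))
    return db

def validate(db, session, name, password):
    """Validation page: check the credentials, then record the level in the session."""
    session.clear()  # never carry state over from an earlier login
    row = db.execute("SELECT salt, pw_hash, security_level FROM users"
                     " WHERE name = ?", (name,)).fetchone()  # parameterised query
    if row is None or not hmac.compare_digest(hash_pw(password, row[0]), row[1]):
        return False
    session["user"] = name
    session["security_level"] = row[2]
    return True

def flag_only_guard(session):
    """Assumed original check: any validated session passes, whatever its level."""
    return 200 if "user" in session else 302

def level_guard(session, allowed):
    """Secured-page check: 302 to the login page, 403 for the wrong level, else 200."""
    if "user" not in session:
        return 302
    return 200 if session.get("security_level") in allowed else 403

if __name__ == "__main__":
    db, session = make_db(), {}
    validate(db, session, "bob", "client-pw")  # a client logs on
    print("admin page, flag-only check:", flag_only_guard(session))
    print("admin page, level check:    ", level_guard(session, {"admin"}))
    print("client page, level check:   ", level_guard(session, {"client"}))
```

The level check has to run at the top of every secured page; moving pages into a different directory does not change what the session is allowed to reach.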
| Kevin Spencer 2005-03-22, 6:35 pm |
| What? You have a problem with my vocabulary? It's how I talk. Sorry if it
bothers you. Perhaps I should dumb it down so that I don't offend people
like yourself.
BTW, coz u didn't give me the stuff I axed for, i can not help u more.
--
HTH,
Kevin Spencer
Microsoft MVP
.Net Developer
What You Seek Is What You Get.