Webmaster forum - Access control

Author

Access control

WebGuy

2005-10-28, 6:40 pm

Hi,
Any suggestions as to the best option for access control
to a garden society website (not taken money)? We just
want to set up a private area and a public one with access
controlled for members only to the private part. Any
suggestions as to which is the best option?

Regards,

Richard Grove

2005-10-28, 6:40 pm

WebGuy wrote:
> Hi,
> Any suggestions as to the best option for access control
> to a garden society website (not taken money)? We just
> want to set up a private area and a public one with access
> controlled for members only to the private part. Any
> suggestions as to which is the best option?
>
> Regards,

..htaccess or build a login and verification system.
..htaccess is much easier though if there's no budget.

Richard Grove
www.redeyemedia.co.uk
www.shopmaker.co.uk

WebGuy

2005-10-28, 6:40 pm

Thank you Richard. I must say that is the fastest reply ever
to a question. The other option I found on the Net was to
use a PERL script from realtimescripts.com. I have yet to
access the website (seems to be down), but in the meantime
have you any opinions?

On Fri, 28 Oct 2005 14:28:43 +0100, Richard Grove
<nospamplease@redeyemedia.co.uk> wrote:

>WebGuy wrote:
>
>.htaccess or build a login and verification system.
>.htaccess is much easier though if there's no budget.
>
>Richard Grove
>www.redeyemedia.co.uk
>www.shopmaker.co.uk

Tina - AxisHOST, Inc.

2005-10-28, 6:40 pm

"WebGuy" <webguy@home.com> wrote in message
news:q894m1ltrrijrel9f7iitsmq4rr283r55s@4ax.com...
>
> Hi,
> Any suggestions as to the best option for access control
> to a garden society website (not taken money)? We just
> want to set up a private area and a public one with access
> controlled for members only to the private part. Any
> suggestions as to which is the best option?

..htaccess is the simplest of the actual secure methods.

Don't go with a javascript solution.

--Tina

Karim

2005-10-28, 6:40 pm

On Fri, 28 Oct 2005 14:24:05 +0100, WebGuy wrote:

> Hi,
> Any suggestions as to the best option for access control
> to a garden society website (not taken money)? We just
> want to set up a private area and a public one with access
> controlled for members only to the private part. Any
> suggestions as to which is the best option?
>

it helps if you mention which web server your site is using. Using
..htaccess doesn't work in IIS.

--
Karim
http://www.cheapesthosting.com - Innovative Web Hosting since 1998 .

WebGuy

2005-10-28, 6:40 pm

On Fri, 28 Oct 2005 09:12:08 -0700, Karim <karim3412@yahoo.moc> wrote:

>On Fri, 28 Oct 2005 14:24:05 +0100, WebGuy wrote:
>
>
>
>it helps if you mention which web server your site is using. Using
>.htaccess doesn't work in IIS.

We have yet to decide but it will be one of our members free
web space. Avoid Microsoft server is the answer I suppose?
I take it then that Unix or Apache are OK?

Dylan Parry

2005-10-28, 6:40 pm

Using a pointed stick and pebbles, WebGuy scraped:

> We have yet to decide but it will be one of our members free
> web space.

You'll be lucky to find a free host that supports things like that. Many
(if not all) ISPs that give you free space won't let you use .htaccess
and the likes.

--
Dylan Parry
http://electricfreedom.org -- Where the Music Progressively Rocks!

Nutritional Information: This post contains no added salt or sugar,
and is the only post proven to actually *lower* your cholesterol.

Matt Probert

2005-10-28, 6:40 pm

On Fri, 28 Oct 2005 09:12:08 -0700, Karim <karim3412@yahoo.moc> wrote:

> On Fri, 28 Oct 2005 14:24:05 +0100, WebGuy wrote:
>
>
>
> it helps if you mention which web server your site is using. Using
> .htaccess doesn't work in IIS.
>

Quite. Indeed .htaccess is an Apache http facility. There are lots of
other http servers.

Matt

--
The Probert Encyclopaedia
Over 235,000 definitions and descriptions
http://www.probertencyclopaedia.com

Karim

2005-10-28, 6:41 pm

On Fri, 28 Oct 2005 17:22:38 +0100, WebGuy wrote:

> On Fri, 28 Oct 2005 09:12:08 -0700, Karim <karim3412@yahoo.moc> wrote:
>
>
> We have yet to decide but it will be one of our members free
> web space. Avoid Microsoft server is the answer I suppose?
> I take it then that Unix or Apache are OK?

IIS supports authentication and authorization in different ways. It just
doesn't use .htaccess files like Apache. If you're looking for a free host,
most likely they will be using Apache.

--
Karim
http://www.cheapesthosting.com - Innovative Web Hosting since 1998 .

2005-10-28, 10:29 pm

"WebGuy" <webguy@home.com> wrote in message
news:etj4m1d7b8nvb6pdc6s79rsem68e11mfpb@4ax.com...
> On Fri, 28 Oct 2005 09:12:08 -0700, Karim <karim3412@yahoo.moc> wrote:
>
>
> We have yet to decide but it will be one of our members free
> web space. Avoid Microsoft server is the answer I suppose?
> I take it then that Unix or Apache are OK?

No - there are some good MS solutions, scripted. I personally would use an
MS solution as I can do it in about ten minutes, and I don't know where to
start with a Nix solution....

..net have some good and easy solutions - it depends on you and what ever
else you want to do ...

G

nospam@geniegate.com

2005-10-31, 6:44 pm

In: <q894m1ltrrijrel9f7iitsmq4rr283r55s@4ax.com>, WebGuy <webguy@home.com> wrote:
>
>Hi,
>Any suggestions as to the best option for access control
>to a garden society website (not taken money)? We just
>want to set up a private area and a public one with access
>controlled for members only to the private part. Any
>suggestions as to which is the best option?

How many members?

If it's just a handful and you don't need a "logout" link, go the .htaccess
route, the others are correct, it is easier to set up. (piece of cake really)

One thing to keep in mind, .htaccess approach DOES support groups. I say this
because there is this a natural tendancy for people to create several password
files for different areas. You really only want ONE password file so that
updates and removals are easier. If you find a need for multiple password
files, check into groups. (It's just a simple text file with .htaccess)

If you have a lot of members, a need to do it in an automated way or the need
to track other information (such as names & addresses) my stuff should work
nicely. It's free with text-links, but if you're a web developer, I'd be willing
to work out a trade so you wouldn't have to put them in. (contact if interested)

The real bear with most any membership type application is that every script
out there is going to have it's own idea of "logging in". Making them "play nice"
is a bit challenging. This is where standard "HTTP based authentication" works well,
it's standard. .htaccess uses it, as do some PHP scripts. (mine included, but there
are many others available in any given script directory)

Downside with "HTTP based" (or .htaccess as it's usually called) is that you can't
really "log out". Overall, I like HTTP based because it's convenient and works
well with other languages (like perl)

See: http://geniegate.com/manual/softwar...e/v1.1.0/apas04

For my little blurb about the downside of ".htaccess" based authentication. I'd
say most of the time it's not an issue, but it's best to be aware of it at the
start, just in case it ever becomes a problem. (I used HTTP based once, the
customer THEN asked for a logout function, I was pretty well up the creek at
that point)

There is also "digest" authentication, I don't support it in my stuff, but
_when_ it works, it has the potential to be a lot more secure. The research
I've read indicates that many browsers will send both headers, defeating the
whole purpose. By the time a browser sends the credentials.. it's too late
to do anything about it. Maybe terminate the account, but thats a bit extreme..

Jamie
--
http://www.geniegate.com Custom web programming
guhzo_42@lnubb.pbz (rot13) User Management Solutions