Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

web client authentication via cgi script

 [1/5] from: jjmmes::yahoo::es at: 31-Jul-2003 17:30


Hi, Has anybody put together REBOL code that authenticates browser clients and allows for stateless navigation via cookies ? FYI, there is an excellent paper on this very topic that also outlines how vulnerable many sites are --> Dos and don'ts of client authentication on the web at http://cookies.lcs.mit.edu Regards jose

 [2/5] from: andrew:martin:colenso:school at: 1-Aug-2003 8:10


jose wrote:
> Has anybody put together REBOL code that authenticates browser clients
and allows for stateless navigation via cookies ? I'm puzzled. I thought the web and navigating through links to web pages was inherently stateless? I was under the impression that one uses cookies to keep track of which user is browsing the pages and to customise the experience (like greeting the user by name, and laying out the page according to their preferences)? Andrew J Martin Attendance Officer & Information Systems Trouble Shooter Colenso High School Arnold Street, Napier. Tel: 64-6-8310180 ext 826 Fax: 64-6-8336759 http://colenso.net/scripts/Wiki.r?AJM http://www.colenso.school.nz/ DISCLAIMER: Colenso High School and its Board of Trustees is not responsible (or legally liable) for materials distributed to or acquired from user e-mail accounts. You can report any misuse of an e-mail account to our ICT Manager and the complaint will be investigated. (Misuse can come in many forms, but can be viewed as any material sent/received that indicate or suggest pornography, unethical or illegal solicitation, racism, sexism, inappropriate language and/or other issues described in our Acceptable Use Policy.) All outgoing messages are certified virus-free by McAfee GroupShield Exchange 5.10.285.0 Phone: +64 6 843 5095 or Fax: +64 6 833 6759 or E-mail: [postmaster--colenso--school--nz]

 [3/5] from: SunandaDH:aol at: 31-Jul-2003 16:17


Jose:
> Has anybody put together REBOL code that authenticates > browser clients and allows for stateless navigation > via cookies ?
Exactly what I'm working on at the moment! Once a user has logged on and identified themselves, I'm using a cookie to know who they are, and serve them appropriate content. I'm still working basically stateless as I don't need any context other than their identifying cookie. That article was very useful -- essentially confirmed that I'd thought through all the security issues and dreamt up something that should work. Thanks! Sunanda.

 [4/5] from: jjmmes:y:ahoo:es at: 1-Aug-2003 10:14


Hi Sunanda, Can you share the code ? I don't want to reinvent the wheel. Thanks Jose --- [SunandaDH--aol--com] escribió: > Jose:

 [5/5] from: jjmmes:ya:hoo:es at: 1-Aug-2003 10:11


> I'm puzzled. I thought the web and navigating > through links to web pages > was inherently stateless?
Yes, HTTP is stateless. What I meant is that you can: 1) authenticate and mantain server state: authenticate a user and then have a session id or 2) authenticate and do not mantain server state: you can put the necessary info in the cookie (authenticator info) and track the user this way I'm looking for approach 2, which is more scalable.