From owner-freebsd-isp Sat May 4 9:42: 1 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.britesite.net (mx1.britesite.net [63.175.65.10]) by hub.freebsd.org (Postfix) with ESMTP id B6EB737B405 for ; Sat, 4 May 2002 09:41:51 -0700 (PDT) Received: from stranger (dsl-209-81-146-23.dsl.iwc.net [209.81.146.23]) by mx1.britesite.net (8.11.6/8.11.6) with SMTP id g44Gf9D41576; Sat, 4 May 2002 11:41:09 -0500 (CDT) (envelope-from lanshark@bsinet.net) Message-ID: <015001c1f38a$d11671b0$0201a8c0@britesiteinet.net> From: "Edward Shabotinsky" To: , "Jorge Biquez" References: <5.1.0.14.2.20020504103436.025a9450@icsmx.com> Subject: Re: OFF-Topic.Restricting access to pages. Date: Sat, 4 May 2002 11:43:27 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org See if this may help you out http://www.freevsd.org/ Edward Shabotinsky Systems Engineer BritesiteINet Inc. --------------------------------- www.britesite.net lanshark@bsinet.net ---------------------------------- ----- Original Message ----- From: "Jorge Biquez" To: Sent: Saturday, May 04, 2002 10:45 AM Subject: OFF-Topic.Restricting access to pages. > Hello all. > I'm sorry this is off topic. > A friend from the speaking Spanish list asked me to post this here to know > your comments and advice. > She is on a project where she needs to restrict access to certain part of a > site according to certain user category. Now there are not too many users > but in the future could be more and could be lot of movement on the users, > changing the permissions to what they can or can not see and access on the > site. She thought on solve the problem with the htacess access feature from > Apache. But with this solution she does not know how to control easily the > maintenance of users that access the site. > The other solution we were talking (I'm trying to help her) is to develop > some validation with PHP and a database, construct all pages on the fly > according to permissions. We know this could be a more extensive solution > and that will require more time and resources. > We know that both solutions could work but we are worried (since we have > never done it before) on the security. I man, if users consult the pages, > let's say on a public library , the complete path of the pages will be in > the history of the browser user. Teorically a user could see the history > and enter the site without being asked again for the user and password. Is > that right? Any ideas on other options to look? > > Thanks in advance. > > JB > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message