[ back to toc ]

Password Protection

Date: 2002/01/16 11:09

Q:
I am lo*NAME-DELETED*ing for way to password protect certain directories and files. I
want the user session to last for a few seconds...(like 3-5 secs.) after
which the user will be prompted to login again if they decide to reload
the page. I will like it to be a perl cgi script but it could be any cgi
script or php. I have the username/passwords in UNIX (username:encrypted
password) format. I don't really need a way to maintain the
usernames/password... just check against it. Any ideas would be
appreciated.
A:
What is the reason to have such a short authentication time frame? Seems
to be useless.

Why do not you use co*NAME-DELETED*ies?

Regards,
Peter

The computer is shared by many users and they sometimes forget to logout.
This is why the login needs to come in seconds. Here is what I am lo*NAME-DELETED*ing
for. The user should login to view any page in a password protected
directory. After few seconds if they want to view the same page or any
other page within the directory they will be ask to login again. The time
should be ajustable.
Q:
A:
Even in that case I would recommend to have at least a few minutes of
timeout instead of few seconds.

You have to send co*NAME-DELETED*ies to the client after the successful
authentication. You can set the expiry of the co*NAME-DELETED*ies. However some
experienced users may send a co*NAME-DELETED*ie writing some program that was not sent
by you, thus your program should not rely on the co*NAME-DELETED*ie being sent if you
need real security. You also have to store the co*NAME-DELETED*ie in a local file on
the server or in a database and check that the co*NAME-DELETED*ie was really created
by your program.

Regards,
Peter

[ back to toc ]