| List: | General Discussion |
| From: | Van | Date: | May 17 1999 5:44am |
| Subject: | Re: PHP Tracking of Variables (was) Per User Password Administration | ||
Shafir wrote:
>
> Could this be solved by using semaphore and shared-memory functions?
> I guess this would be the purpose of these functions.
>
> Does anyone have any examples on how these functions would be used
> as a session management or as a fast memory method (instead of
> accessing database on every request)
>
> I may not be talking sense here.
>
> At 02:47 PM 5/16/99 -0600, Sasha Pachev wrote:
> >Van wrote:
> >>
> >> Well, I've gotten through the authentication mechanics, and, although
> >> Monty and several others posted some simple but useful techniques to
> >> create user authentication for a Web-Enabled time sheet application, I
> >> decided to create a separate database and table for the users, for
> >> several reasons. Most important was to keep the mysql user tables out
> >> of harm's way.
> >> Problem I'm having is variables getting set but, not staying alive after
> >> authentication is successful. This may be a little off topic, but, if
> >> anyone knows a way to keep user-defined variables alive while going from
> >> page to page, I could sure use a tip. If anyone's interested, I could
> >> send source code for the authentication scheme.
> >> Regards,
> >> Van
> >> --
> >
> >Does PHP have support for cookies? If not, or do you not want cookie
> >warnings to be seen by the cookie-paranoid just use a hidden input in
> >the form. If you want to be really "bullet-proof" (well, nothing is
> >really bullet-proof) secure, you should not trust the value of the
> >cookie/hidden input but always authenticate it against some
> >authentication schema.
> >
> >--
> >Sasha Pachev
> >http://www.sashanet.com

Shafir,

Actually, you might be talking much sense, here. It's clearly possible to pass environment variables around the Apache animal with some strategic goals, but, there are configuration issues that make this implementation more likely targeted at client-based programming: i.e. cookies.

If there's something you can find in the semaphore/shared-memory model that can be consistently communicated at the http-client request and ensure the environment doesn't change beyond what the web-developer who engineers the authentication to begin with, there's huge potential, here. Memory rocks, programming is unwieldy.

My best find, yet, is the cookie approach, whereby the client freely accepts the cookie, and, the server has control over the half-life of the client data. It's actually quite quick, but, the security hit (small, though arguably) is a concern.

I'd be most interested in hearing what you might find out using semaphores to keep-alive environment data through multiple gets/posts.

Regards,
Van
--
=========================================================================
Linux rocks!!! www.dedserius.com
=========================================================================
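The two points raised in the thread above (authenticate the cookie or hidden-input value on every request instead of trusting it, and let the server control how long the client data lives) shown as an added example that is not code from the thread or its participants. It is written for PHP 7.1 or later; the function names, the `user|expiry|mac` layout, the 30-minute lifetime and the sample user names are assumptions made for illustration.

```php
<?php
// Added example: constructed key and user names; not code from the thread.
const SESSION_TTL = 1800; // seconds the server will honour a cookie (assumed value)

// Build a cookie value "user|expiry|mac". The MAC binds user and expiry to a
// server-side secret, so the client cannot alter either without detection.
function issue_session_cookie(string $user, string $key, int $now): string
{
    $expiry  = $now + SESSION_TTL;
    $payload = rawurlencode($user) . '|' . $expiry;
    $mac     = hash_hmac('sha256', $payload, $key);
    return $payload . '|' . $mac;
}

// Return the authenticated user name, or null if the cookie is malformed,
// tampered with, or past the server-chosen expiry.
function verify_session_cookie(string $cookie, string $key, int $now): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expiry, $key);
    // hash_equals compares in constant time, avoiding a timing side channel.
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    if (!ctype_digit($expiry) || (int)$expiry < $now) {
        return null;
    }
    return rawurldecode($user);
}

$key = random_bytes(32); // stand-in for a persistent server-side secret
$now = time();
$cookie = issue_session_cookie('van', $key, $now);

var_dump(verify_session_cookie($cookie, $key, $now));                   // untampered cookie
$forged = str_replace('van', 'monty', $cookie);
var_dump(verify_session_cookie($forged, $key, $now));                   // user name altered by client
var_dump(verify_session_cookie($cookie, $key, $now + SESSION_TTL + 1)); // replayed after expiry
```

The same signed value can be carried in a hidden form input instead of a cookie; the server-side check is identical.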
