List:General Discussion« Previous MessageNext Message »
From:Van Date:May 17 1999 5:44am
Subject:Re: PHP Tracking of Variables (was) Per User Password
Administration
View as plain text  
Shafir wrote:
> 
> Could this be solved by using semaphore and shared-memory functions?
> I guess this would be the purpose of these functions.
> 
> Does anyone have any examples on how these functions would be used
> as a session management or as a fast memory method (instead of
> accessing database on every request)
> 
> I may not be talking sense here.
> 
> At 02:47 PM 5/16/99 -0600, Sasha Pachev wrote:
> >Van wrote:
> >>
> >> Well, I've gotten through the authentication mechanics, and, although
> >> Monty and several others posted some simple but usefull techniques to
> >> create user authentication for a Web-Enabled time sheet application, I
> >> decided to create a separate database and table for the users, for
> >> several reasons.  Most important was to keep the mysql user tables out
> >> of harms way.
> >> Problem I'm having is variables getting set but, not staying alive after
> >> authentication is successful.  This may be a little off topic, but, if
> >> anyone knows a way to keep user-defined variables alive while going from
> >> page to page, I could sure use a tip.  If anyone's interested, I could
> >> send source code for the authentication scheme.
> >> Regards,
> >> Van
> >> --
> >
> >Does PHP have support for cookies? If not, or do you not want cookie
> >warnings to be seen by the cookie-paranoid just use a hidden input in
> >the form. If you want to be really "bullet-proof" (well, nothing is
> >really bullet-proof) secure, you should not trust the value of the
> >cookie/hidden input but always authenticate it againt some
> >authentication schema.
> >
> >--
> >Sasha Pachev
> >http://www.sashanet.com
Shafir,
Actually, you might be talking much sense, here.  It's clearly possible
to pass environment variables around the Apache animal with some
strategic goals, but, there are configuration issues that make this
implementation more likely targeted at client-based programming:  i.e.
cookies.  If there's something you can find in the
semaphore/shared-memory model that can be consistently communicated at
the http-client request and ensure the environment doesn't change beyond
what the web-developer who engineers the authentication to begin with,
there's huge potential, here.  Memory rocks, programming is unwieldy. 
My best find, yet, is the cookie approach, whereby the client freely
accepts the cookie, and, the server has control over the half-life of
the client data.  It's actually quite quick, but, the security hit
(small, though arguably) is a concern.  I'd be most interested in
hearing what you might find out using semaphores to keep-alive
environment data through multiple gets/posts.
Regards,
Van
-- 
=========================================================================
Linux rocks!!!   www.dedserius.com
=========================================================================
Thread
Per User Password AdministrationVan13 May
  • Per User Password AdministrationMichael Widenius13 May
  • Re: Per User Password AdministrationChristian Mack14 May
  • PHP Tracking of Variables (was) Per User Password AdministrationVan16 May
  • Re: PHP Tracking of Variables (was) Per User Password Administration (Never Mind)Van16 May
  • Re: PHP Tracking of Variables (was) Per User Password AdministrationSasha Pachev17 May
    • Re: PHP Tracking of Variables (was) Per User PasswordAdministrationShafir17 May
  • Re: PHP Tracking of Variables (was) Per User Password AdministrationVan17 May
  • Re: PHP Tracking of Variables (was) Per User PasswordAdministrationVan17 May
  • Re: PHP Tracking of Variables (was) Per User Password AdministrationSasha Pachev17 May
  • Parsing of Mail files into a DatabaseVan18 May
    • Parsing of Mail files into a DatabaseMichael Widenius22 May
    • Parsing of Mail files into a DatabaseMichael Widenius22 May
  • Now, How to sed on Perl Vars?Van18 May
    • Re: Now, How to sed on Perl Vars?Thimble Smith18 May
  • Re: Now, How to sed on Perl Vars?Van19 May
Re: Parsing of Mail files into a DatabaseVan18 May
  • Re: Parsing of Mail files into a DatabaseDaniel E. White18 May
Re: Parsing of Mail files into a DatabaseVan18 May
  • Re: Parsing of Mail files into a DatabaseDaniel E. White18 May
Re: Parsing of Mail files into a DatabaseVan18 May