1 Reply Latest reply on Sep 8, 2009 2:07 PM by MartinBrändle

    login with email and password

    steelbut

      I have a large set of files served with FMSA 9 and want to allow web users to log in using their email and password.  I have made another file that ties to the large set for web access.  In the one for web access, I would like a login button that would open to show only the related records for that email.  Can anyone provide a sample script to help me figure it out?  And what would be the best approach?  I did not want to use the re-login because it does not use email.  And how can I program the literal text as part of the user's entry?

       

      I am really grateful to this community for all your help!

       

      Thanks, Larry

        • 1. Re: login with email and password
          MartinBrändle
            

          XML/XSLT CWP or PHP CWP?

          Are the e-mail addresses stored in a database? Or accessible through a directory server (AD or LDAP)?

           

          This is not straightforward. The usual way goes through web sessions, and you should read the corresponding CWP Guide sections. Whatever technology you use, you need to think about your security model: What security measures must be taken so that

          - user data can't be read out from your database by tweaking the URL?

          - sessions cannot be circumvented by tweaking the session cookie?

          - login can be gained by tweaking the input strings (e-mail and password)?

          - if IP ranges are to be considered as well, what if somebody fiddles with them?

          - e-mail/pw combinations can't be read out through man-in-the-middle attacks?

           

          I programmed login/logout procedures twice with XML/XSLT CWP. For both cases I had to start from scratch. There is no standard procedure, it all depends on your security requirements.

           

          I also recommend reading Sverre H. Huseby, Innocent Code: A Security Wake-up Call for Web Programmers, Wiley, Chichester (2004), ISBN 0-470-85744-7.
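
An added example, not part of the thread and not FileMaker's own code: a PHP sketch (PHP being one of the two CWP options named in the reply) of two checklist items, input strings and session cookies, which also covers the "literal text" question in the original post. It assumes FileMaker's find operators with backslash as the "next character as is" escape and `==` as the whole-field match; the function names and token layout are hypothetical.

```php
<?php
// Characters FileMaker treats as find operators; each is prefixed with "\"
// ("next character as is"). "." and "/" cover the "..." and "//" operators.
const FM_OPERATORS = ['\\', '=', '<', '>', '≤', '≥', '!', '@', '#', '*', '?', '~', '"', '.', '/'];

// Build an exact-match ("==") criterion from user input, or null to refuse it.
function fm_exact_criterion(string $input): ?string
{
    $input = trim($input);
    if ($input === '') {
        return null; // empty input must never become a find criterion
    }
    $map = [];
    foreach (FM_OPERATORS as $op) {
        $map[$op] = '\\' . $op;
    }
    return '==' . strtr($input, $map);
}

// Issue a session token that binds the e-mail to an expiry time with an HMAC.
function session_issue(string $email, string $key, int $now, int $ttl = 1800): string
{
    $payload = base64_encode($email) . '.' . ($now + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the e-mail from a valid, unexpired token, or null if it was altered.
function session_verify(string $token, string $key, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$b64, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $b64 . '.' . $expiry, $key);
    if (!hash_equals($expected, $mac) || !ctype_digit($expiry) || (int)$expiry < $now) {
        return null;
    }
    return base64_decode($b64, true) ?: null;
}

// Constructed sample values; the key would normally live in server-side config.
$key = random_bytes(32);
var_dump(fm_exact_criterion('*'));                  // input that is only a wildcard
var_dump(fm_exact_criterion('larry@example.com'));  // "@" is itself a find operator
$token = session_issue('larry@example.com', $key, time());
var_dump(session_verify($token, $key, time()));
var_dump(session_verify(str_replace('bGFy', 'bW9l', $token), $key, time())); // edited cookie
```

The e-mail used to scope the record find comes from `session_verify()`, never from a URL parameter, which addresses the first item on the checklist as well.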