[nycphp-talk] In hind sight

Kristina Anderson ka at kacomputerconsulting.com
Fri Feb 6 20:43:11 EST 2009


Michele,

Congrats!!!  Enjoy the party:-). You earned it.


Kristina

> BTW: 
> 
>  
> 
> Guys,
> 
>  
> 
> I’m drinking now.  Final post before taking vacation.  Yeahhhhhh!  My first
> major website.  I did a Zencart before, but never homespun like this.  I,
> typically, modify E. Indian made websites.
> 
>  
> 
> My implementation is a spin on:
> 
> http://www.berenddeboer.net/rest/authentication.html
> 
>  
> 
> There’s an Opera and Safari kink to iron out.  So, they are not working.
> 
>  
> 
> Because I can’t use this implementation without validating the account
> before logging in with ajax, I use php session variables for security outside
> the account.  It validates the user has correctly answered captchas and
> security question and validates the security question id is correct before
> responding that the login information is valid.  I use this on all pages trying
> to log in or send email to reduce the chances of robots getting anywhere.
> 
>  
> 
> However, once inside I only use that approach when modifying the user’s
> info.  The rest depends entirely on mod_auth_digest/mysql, my version.  That
> means I don’t have to modify every single php file with authentication
> checks.
> 
>  
> 
> I hooked up with a guy on the apache mailing list that gave me the final
> piece of the puzzle to prevent login dialog popups.
> 
>  
> 
> I know I followed a lot of wrong tangents at points and people may think I’m
> lost, but it’s tight now.
> 
>  
> 
> If you don’t have one million hits a day, once opera and safari get on
> board, I welcome you to check it out.
> 
>  
> 
> Yeaaaaaaaaahhhhhhhhhhhhhhhh!  I’m done!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  Going
> live!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> 
>  
> 
> Michele
> 
>  
> 
>  
> 
>   _____  
> 
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
> Behalf Of Michele Waldman
> Sent: Friday, February 06, 2009 8:42 AM
> To: 'NYPHP Talk'
> Subject: Re: [nycphp-talk] In hind sight
> 
>  
> 
> Sure thing.  My hindsight was wrong.  I definitely needed this
> implementation.  I can’t log out in ajax with basic.  I always second guess
> myself.  Keeps me in check.
> 
>  
> 
> Good news for you guys.  I’m taking vacation to recuperate from the 15-18
> hour days I’ve been working on and off over the last 2 ½ months.  I should
> be posting for at least a month.
> 
>  
> 
>   _____  
> 
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
> Behalf Of Elijah Insua
> Sent: Friday, February 06, 2009 12:13 AM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] In hind sight
> 
>  
> 
> Michele,
>  
> just as a suggestion for the future.. could you keep all of these in the
> same thread?
> 
> Thanks,
> 
> -- Elijah
> 
> 2009/2/5 Peter Sawczynec <ps at blu-studio.com>
> 
> Sigh. 
> 
>  
> 
> Warmest regards, 
> 
>  
> 
> Peter Sawczynec 
> 
> Technology Dir.
> 
> blûstudio 
> 
> 941.893.0396
> 
> ps at blu-studio.com <mailto:ps at sun-code.com>  
> 
> www.blu-studio.com 
> 
>  
> 
>  
> 
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
> Behalf Of Michele Waldman
> Sent: Thursday, February 05, 2009 5:47 PM
> To: 'NYPHP Talk'
> Subject: [nycphp-talk] In hind sight
> 
>  
> 
> In hindsight, I could have used mod_auth_mysql just as well as
> mod_auth_digest/mysql using htaccess the way I do now.
> 
>  
> 
> Duh!  But, it's considered more secure.  So, no loss.
> 
> 

-------------------
Kristina D. H. Anderson
PHP Application Developer
"Building a Better Tomorrow, One Line of Code at a Time"
347 254 2810
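
The pre-login gate described in the quoted message above (captcha and security question answered, and the security question id checked, before the AJAX login check answers), as an added PHP example. It is not Michele's code: the session keys, function names and sample data are assumptions, and returning the same response for a failed gate and for a bad credential is this example's choice.

```php
<?php
declare(strict_types=1);

// Hypothetical session keys; the original post names none.
const GATE_KEYS = ['captcha_ok', 'question_ok'];

/**
 * True only when this session already passed the captcha and the security
 * question, and the question id sent with the request is the one issued.
 */
function gate_passed(array $session, string $postedQuestionId): bool
{
    foreach (GATE_KEYS as $key) {
        if (($session[$key] ?? false) !== true) {
            return false;
        }
    }
    $issued = $session['question_id'] ?? null;
    return is_string($issued) && hash_equals($issued, $postedQuestionId);
}

/**
 * Answer the AJAX "is this login valid?" request. A failed gate and a bad
 * credential produce the same body, so the endpoint tells a robot nothing.
 * $checkCredentials stands in for the real account lookup.
 */
function login_check(array $session, array $post, callable $checkCredentials): array
{
    $qid = is_string($post['question_id'] ?? null) ? $post['question_id'] : '';
    if (!gate_passed($session, $qid)) {
        return ['valid' => false];
    }
    $user = is_string($post['user'] ?? null) ? $post['user'] : '';
    $pass = is_string($post['pass'] ?? null) ? $post['pass'] : '';
    return ['valid' => $checkCredentials($user, $pass)];
}

// Constructed sample data; the closure is a stand-in for the account lookup.
$lookup = fn(string $u, string $p): bool => $u === 'alice' && hash_equals('s3cret-sample', $p);
$post = ['user' => 'alice', 'pass' => 's3cret-sample', 'question_id' => 'q7'];
$sessions = [
    'no captcha'  => ['question_ok' => true, 'question_id' => 'q7'],
    'wrong q id'  => ['captcha_ok' => true, 'question_ok' => true, 'question_id' => 'q2'],
    'gate passed' => ['captcha_ok' => true, 'question_ok' => true, 'question_id' => 'q7'],
];
foreach ($sessions as $label => $session) {
    printf("%-12s %s\n", $label, json_encode(login_check($session, $post, $lookup)));
}
```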
