log in

[steve]

Hi all

I like to make a log in page for my customer so each customer will
have there own user name and password and after they enter them user
name and password they will be taken to the different pages.
What is the secure way to do this.
I found some JavaScript to do that but it look very unsecured.

Thanks

 

[David Dorward]

Hi all

I like to make a log in page for my customer so each customer will
have there own user name and password and after they enter them user
name and password they will be taken to the different pages.
What is the secure way to do this.

In a nutshell:
* Run everything over https so its encrypted
* Have the password sent for every page, either using basic authentication,
or cookies[1]
* Authenticate the password with some process running on the server. The
specifics depend on the features of the server.

[1] Don't depend on one check and then given them an unprotected URI. That
way leads to allowing the password to be bypassed

 

[steve]

Hi all

I like to make a log in page for my customer so each customer will
have there own user name and password and after they enter them user
name and password they will be taken to the different pages.
What is the secure way to do this.

In a nutshell:
* Run everything over https so its encrypted
* Have the password sent for every page, either using basic authentication,
or cookies[1]
* Authenticate the password with some process running on the server. The
specifics depend on the features of the server.

[1] Don't depend on one check and then given them an unprotected URI. That
way leads to allowing the password to be bypassed

How do I protect the page?

 

[David Dorward]

How do I protect the page?

I explained it here: <[email protected]>

Hint: If you need more detail about something, then don't full quote the
reply and follow it with a repeat of the original question.