Passwording an application

by **njw** » Wed Mar 29, 2006 7:41 am

I would like to include a user table with passwords to allow, or not, access to the application. Are there any guidelines on how to do this - working on the web, rather than a LAN based system?

Many thanks

Neil

by **shannah** » Wed Mar 29, 2006 8:51 am

Currently Dataface doesn't officially deal with permissions or authentication. This will be added in the next release. Thus you are free to implement whatever form of authentication you like. There is a permissions() framework with Dataface that is not documented yet but this framework is independent of how you authenticate.

The forthcoming authentication framework will also be flexible for your implementation. It will allow you to specify the user table and username and password columns and handle the authentication from there. The logged in username will be stored inside the $_SESSION variables.

The permissions framework will allow you to define permissions on records using a getPermissions() method in the delegate class. I'll try to get some examples up soon.

by **njw** » Thu Mar 30, 2006 10:01 am

Thanks Steve. Any idea on timings?

by **njw** » Thu Mar 30, 2006 11:27 am

I have been taking a little break from Dataface and work to focus on my courses for the past few days. My plan was to release Dataface 0.5.4 for April 5/6. If the authentication framework doesn't make it into 0.5.4 it will be added in 0.5.5 which will be around April 20.

by **njw** » Sat Apr 01, 2006 8:15 am

Thanks Steve. Understand that the day job takes precedence!

The thing I'd most like to do is to allow more than one person access to the database, and use the MySQL security mechanism to restrict access. I have had a look at the code, and it doesn't look easy to put a login screen into the app without editing the dataface code. Am I right?

Many thanks

Neil

by **shannah** » Sat Apr 01, 2006 1:08 pm

" method="POST">

Login

Username:
Password:

by **njw** » Mon Apr 03, 2006 3:40 am

Thanks a lot Steve. I don't need permissions at the moment, so no issue waiting for 0.5.4.

Thanks again

Neil

by **shannah** » Mon Apr 03, 2006 10:43 am

If you don't need permissions, why not use .htaccess files for authentication? That way you wouldn't have to modify any PHP code.

by **njw** » Thu Apr 06, 2006 7:14 am

All my users, including myself, are coming in over the web and don't have consistent IP addresses. What I am trying to avoid is holding the MySQL passwords in clear text, even though the php file is protected by a .htaccess directive.

Alternatively, I do know very little about these matters, so I accept I could be being naive!

Passwording an application

Who is online