Passwording an application

A place for users and developers of the Xataface to discuss and receive support.

Postby njw » Wed Mar 29, 2006 7:41 am

I would like to include a user table with passwords to allow, or not, access to the application. Are there any guidelines on how to do this - working on the web, rather than a LAN based system?

Many thanks

Neil
njw
 
Posts: 280
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Wed Mar 29, 2006 8:51 am

Currently Dataface doesn't officially deal with permissions or authentication. This will be added in the next release. Thus you are free to implement whatever form of authentication you like. There is a permissions() framework with Dataface that is not documented yet but this framework is independent of how you authenticate.

The forthcoming authentication framework will also be flexible for your implementation. It will allow you to specify the user table and username and password columns and handle the authentication from there. The logged in username will be stored inside the $_SESSION variables.

The permissions framework will allow you to define permissions on records using a getPermissions() method in the delegate class. I'll try to get some examples up soon.
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby njw » Thu Mar 30, 2006 10:01 am

Thanks Steve. Any idea on timings?
njw
 
Posts: 280
Joined: Wed Dec 31, 1969 5:00 pm

Postby njw » Thu Mar 30, 2006 11:27 am

I have been taking a little break from Dataface and work to focus on my courses for the past few days. My plan was to release Dataface 0.5.4 for April 5/6. If the authentication framework doesn't make it into 0.5.4 it will be added in 0.5.5 which will be around April 20.
njw
 
Posts: 280
Joined: Wed Dec 31, 1969 5:00 pm

Postby njw » Sat Apr 01, 2006 8:15 am

Thanks Steve. Understand that the day job takes precedence!

The thing I'd most like to do is to allow more than one person access to the database, and use the MySQL security mechanism to restrict access. I have had a look at the code, and it doesn't look easy to put a login screen into the app without editing the dataface code. Am I right?

Many thanks

Neil
njw
 
Posts: 280
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Sat Apr 01, 2006 1:08 pm

" method="POST">

Login



Username:
Password:
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby njw » Mon Apr 03, 2006 3:40 am

Thanks a lot Steve. I don't need permissions at the moment, so no issue waiting for 0.5.4.

Thanks again

Neil
njw
 
Posts: 280
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Mon Apr 03, 2006 10:43 am

If you don't need permissions, why not use .htaccess files for authentication? That way you wouldn't have to modify any PHP code.
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby njw » Thu Apr 06, 2006 7:14 am

All my users, including myself, are coming in over the web and don't have consistent IP addresses. What I am trying to avoid is holding the MySQL passwords in clear text, even though the php file is protected by a .htaccess directive.

Alternatively, I do know very little about these matters, so I accept I could be being naive!
njw
 
Posts: 280
Joined: Wed Dec 31, 1969 5:00 pm


Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 1 guest

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved