• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag
 

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
RE: WO Authentication
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: WO Authentication


  • Subject: RE: WO Authentication
  • From: "Adrian Williams" <email@hidden>
  • Date: Tue, 4 Mar 2003 12:04:47 -0000 (GMT)

Thanks for the feedback Ray,

I experimented with this too, and it works fine for performing the initial validation of the user,
but now I'm interested in the best way to secure each and every component in the application, so
that any 'bookmarked' pages will redirect to the login page if this session hasn't already been
validated.

I was considering extending the WOComponent class as a 'SecureComponent' class (or similar) and
having the constructor check the Session object for a 'validated' instance variable or maybe check
for a client cookie, etc. etc....

Obviously there's a million ways you could do this, but I was wondering whether there is an
accepted 'best-practice' way of doing it... Just trying to avoid re-inventing the wheel really
(especially if, as a beginner with WO, I do it in a duff way!)...

All pointers would be very welcome...

Thanks again
Adrian Williams


> Adrian,
>
> I find myself to be in a place very similar to yours. I have just  finished the tutorials and am
> working on my first "real" project.
>
> The way I approached the situation was to create a database table of  users (was also relevant
> as was presenting data appropriate to the  user, so needed a login). I then created the Main
> page with 2 fields  (login & password) and then had a fetch for records matching those  entries.
>
> If there was one matching record (hopefully there will never be more  than one) then the user
> was validated.
>
> I also altered it at a later stage where it did the fetch to match the  login id, and then did a
> comparison to see if the password matched.  This was just so I could give a different error
> message dependant on  whether the login was bad, or the password.
>
> I don't know if there are more secure methods, but there is one option.
>
> Ray.
> _______________________________________________
> webobjects-dev mailing list | email@hidden
> Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev Do not
> post admin requests to the list. They will be ignored.
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.

References: 
 >RE: NEWBIE! WO Authentication (From: Ray Ackland <email@hidden>)

  • Prev by Date: default D2WDisplayNumber and D2WEditNumber forma tters
  • Next by Date: Strange behaviour KeyValueCoding
  • Previous by thread: RE: NEWBIE! WO Authentication
  • Next by thread: 5.2 Not Responding
  • Index(es):
    • Date
    • Thread