RE: WO Authentication
- Subject: RE: WO Authentication
- From: "Adrian Williams" <email@hidden>
- Date: Tue, 4 Mar 2003 12:04:47 -0000 (GMT)
Thanks for the feedback Ray,
I experimented with this too, and it works fine for performing the initial validation of the user,
but now I'm interested in the best way to secure each and every component in the application, so
that any 'bookmarked' pages will redirect to the login page if this session hasn't already been
validated.
I was considering extending the WOComponent class as a 'SecureComponent' class (or similar) and
having the constructor check the Session object for a 'validated' instance variable or maybe check
for a client cookie, etc. etc....
Obviously there's a million ways you could do this, but I was wondering whether there is an
accepted 'best-practice' way of doing it... Just trying to avoid re-inventing the wheel really
(especially if, as a beginner with WO, I do it in a duff way!)...
All pointers would be very welcome...
Thanks again
Adrian Williams
> Adrian,
>
> I find myself to be in a place very similar to yours. I have just finished the tutorials and am
> working on my first "real" project.
>
> The way I approached the situation was to create a database table of users (was also relevant
> as was presenting data appropriate to the user, so needed a login). I then created the Main
> page with 2 fields (login & password) and then had a fetch for records matching those entries.
>
> If there was one matching record (hopefully there will never be more than one) then the user
> was validated.
>
> I also altered it at a later stage where it did the fetch to match the login id, and then did a
> comparison to see if the password matched. This was just so I could give a different error
> message dependent on whether the login was bad, or the password.
>
> I don't know if there are more secure methods, but there is one option.
>
> Ray.
> _______________________________________________
> webobjects-dev mailing list | email@hidden
> Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev Do not
> post admin requests to the list. They will be ignored.
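One way to gate every page on the session flag discussed in this thread, as an added example that is not code from either poster or from WebObjects itself. It assumes a `Session` subclass with a hypothetical `validated` flag set by the login action, and that `Main` is the login page served by the default direct action.

```java
// Session.java (assumed: the login action calls setValidated(true) on success)
import com.webobjects.appserver.*;

public class Session extends WOSession {
    private boolean validated = false;
    public boolean isValidated() { return validated; }
    public void setValidated(boolean value) { validated = value; }
}

// SecureComponent.java (hypothetical base class that every protected page extends)
import com.webobjects.appserver.*;

public class SecureComponent extends WOComponent {
    public SecureComponent(WOContext context) {
        super(context); // a constructor cannot hand back a different page, so no check here
    }

    // Only consult an existing session: calling session() on a bare request would create one.
    protected boolean isValidated(WOContext context) {
        return context.hasSession() && ((Session) context.session()).isValidated();
    }

    // Do not push submitted form values into the page for an unvalidated session.
    public void takeValuesFromRequest(WORequest request, WOContext context) {
        if (isValidated(context)) super.takeValuesFromRequest(request, context);
    }

    // Do not run the page's actions either; answer with the login page instead.
    public WOActionResults invokeAction(WORequest request, WOContext context) {
        if (!isValidated(context)) return pageWithName("Main");
        return super.invokeAction(request, context);
    }

    // Rendering is where a bookmarked URL ends up: redirect instead of drawing the page.
    public void appendToResponse(WOResponse response, WOContext context) {
        if (!isValidated(context)) {
            response.setStatus(302);
            response.setHeader(context.directActionURLForActionNamed("default", null), "Location");
            return;
        }
        super.appendToResponse(response, context);
    }
}
```

The check is repeated in all three request-response phases so that an unvalidated request can neither read the page nor submit values or trigger actions on it.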