
Re: [cgiapp] Login Script



Kevin wrote:
> Hello,
> 
> I am wanting to design a login script for my web application.  I want some of the runmodes to be private to the Admin.  Do I need to use both CAP::Authentication & CAP::Authorization, or can I just use CAP::Authorization to achieve this?

When developing, "authentication" (authen) and "authorization" (authz) are 2
very different things. Authen means that you verify who the user is. Authz means
you determine whether the verified user can do what he's trying to do.

Typical "login scripts" want to protect something based on a username and
password. So, the authen would be verifying that their username (and password)
are valid. The authorization would be asking "do they have admin privileges".
So you'll need both.

But there are situations where you would only need one or the other. For instance:

+ A public forum where anyone can post, but where logged in users have their
name saved with their posts - Needs authen but not authz.

+ An application that restricts access by IP address (maybe just an intranet
page) - Needs authz but not authen.

HTH

-- 
Michael Peters
Developer
Plus Three, LP
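
The three cases from the message above, as an added example that is not part of the original post and does not use the CAP::Authentication or CAP::Authorization APIs. It is a framework-neutral Python sketch; the run mode names, users, passwords, salt and network range are all constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

_SALT = b"constructed-salt"  # fixed so the example is deterministic; use a random per-user salt in practice

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

# Constructed sample accounts and intranet range (hypothetical values)
USERS = {
    "kevin": {"hash": _hash("s3cret"), "roles": {"admin"}},
    "guest": {"hash": _hash("guestpw"), "roles": set()},
}
INTRANET = ipaddress.ip_network("10.0.0.0/8")

def authenticate(username, password):
    """Authen: verify who the user is. Returns the username or None."""
    user = USERS.get(username)
    # Hash even for unknown users so both paths do the same amount of work
    stored = user["hash"] if user else _hash("")
    ok = hmac.compare_digest(stored, _hash(password or ""))
    return username if (user and ok) else None

# Each run mode: (login required?, authz rule taking verified user and client IP)
RUNMODES = {
    # authen + authz: must be logged in and hold the admin role
    "admin_panel": (True, lambda user, ip: "admin" in USERS[user]["roles"]),
    # authen only: anyone may post, a login just attaches a name
    "forum_post": (False, lambda user, ip: True),
    # authz only: decided by client address, identity never checked
    "intranet_page": (False, lambda user, ip: ipaddress.ip_address(ip) in INTRANET),
}

def dispatch(runmode, client_ip, username=None, password=None):
    """Return (HTTP-style status, verified user or None) for a request."""
    user = authenticate(username, password) if username else None
    if runmode not in RUNMODES:
        return (404, user)
    needs_login, allowed = RUNMODES[runmode]
    if needs_login and user is None:
        return (401, user)   # authen failed: we do not know who this is
    if not allowed(user, client_ip):
        return (403, user)   # authz failed: known (or anonymous) but not permitted
    return (200, user)
```

The 401 and 403 results keep the two failures distinct: the first means identity was not established, the second means the request was refused regardless of identity.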

