Re: [cgiapp] Login Script

["Kevin" <suppressed>]

I would like to first have then authenticate, then only be allowed to access 
certain runmodes depending on the group they belong to.

So, it sounds like I will need to use them both.

Kevin


----- Original Message ----- 
From: "Michael Peters" <suppressed>
To: "Kevin" <suppressed>
Cc: "CGI::Applicaiton" <suppressed>
Sent: Sunday, March 19, 2006 6:36 PM
Subject: Re: [cgiapp] Login Script


> Kevin wrote:
> > Hello,
> >
> > I am wanting to design a login script for my web application.  I want 
> > some of the runmodes to be private to the Admin.  Do I need to use both 
> > CAP::Authentication & CAP::Authorization, or can I just use 
> > CAP::Authorization to achieve this.
>
> When developing, "authentication" (authen) and "authorization" (authz) are 
> 2
> very different things. Authen means that you verify who the user is. Authz 
> means
> you determine whether the verified user can do what he's trying to do.
>
> Typical "login scripts" want to protect something based on a username and
> password. So, the authen would be verifying that their username (and 
> password)
> are valid. The authorization would be asking "do they have admin 
> privileges".
> So you'll need both.
>
> But there are situations where you would only need one or the other. For 
> instance
>
> + A public forum where anyone can post, but where logged in users have 
> their
> named saved with their posts - Needs authen but not authz.
>
> + An application that restricts access by IP address (maybe just a 
> intranet
> page) - Needs authz but not authen.
>
> HTH
>
> --
> Michael Peters
> Developer
> Plus Three, LP


---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/suppressed/
             http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed