[Phplogcon-dev] phplogcon without user managment

Brian Shea bgshea at gmail.com
Fri Dec 9 06:18:40 CET 2005 

One question?

If Apache or IIS is used to authenticate users, how do you know which user
got authenticated?

Or does phplogcon not care? Single user web app.

One addition to the previous email, _SESS_SHARE_TBL will not be compatible
with _SERVER_AUTH.  _SERVER_AUTH will negate _SESS_SHARE_TBL, so a seperate
session table will need to be used. No big deal.  In this mode, sessions
will only store settings that the user sets. But I suspect that in future
version of phpLogCon most of the filter and config setting will be stored
into UserPrefs table.

Draw backs, if users migrates from PC to Laptop to Home computer to
whereever, his settings will be different on each computer. Since the server
(IIS or APACHE) does not pass along user info, there is no way for phplogCon
to know which settings to load.

Options, use sessions only to store things that are required to navigate the
pages, preform searchs, and return results. Everything else, predefiined
search terms, layout, language, etc, get stored to UserPrefs. UsersPrefs are
loaded no matter who view the page.





On 12/8/05, Brian Shea <bgshea at gmail.com> wrote:
>
> So in IIS people have it setup to allows users listed in the windows users
> to access, such as administrator. In which case, you do not want to verify
> them against a user in the DB. Okay, that is fine. We just remove the user
> in DB check from the auth function when server (apache, IIS) auth is turned
> on. Sessions are sent as a cookie to the browser and stored. So when the
> server authenticates a user and grants access, the PHP code will pick up the
> session id and all session value restored.
>
> Since sessions are started before auth is run, auth can be removed!! Or
> return true with server auth is enalbed.
>
> I dont see any issues here. Auth was a means for a central authentication
> so that if a change was required, it would be propagated to all pages that
> called auth.
>
> Since, in 1.2.4_bgs, all page access is done from index.php, we just need
> to add a define to the config.php called SERVER_AUTH and set it true with
> the server does the authentication.
>
> Auth can still be called, it will just need to check for the define
> statement and return true.
>
> I have to use a vacation day so i will be off friday (Dec 9th), (execpt
> for one breif meeting) i can work on adding this feature.
>
>
> On 12/8/05, Michael Meckelein <mmeckelein at hq.adiscon.com> wrote:
> >
> > > I think it is a vital point that phplogcon is working without the
> > > authentication stuff. Please hold in mind that phplogcon is also
> > running
> > > in a windows environment (IIS). Some people prefer to use windows
> > > integrated authentication.
> >
> > To be accurate, using windows authentication is only the authentication
> > part to deny access to users who are not authorized (same as using e.g.
> > .htaccess or other file access control mechanism). Of course using only
> > one of these approaches provides not the advantages of phplogcon's user
> > management.
> >
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
>
>

More information about the Phplogcon-dev mailing list