[Phplogcon-dev] phplogcon without user managment

Michael Meckelein mmeckelein at hq.adiscon.com
Fri Dec 9 10:30:17 CET 2005 

Brian,

Probably I was too vague. As in phplogcon_1.2.1, if the user leaved the
"Install User Interface:" unchecked (or set it manually in config.php,
define('_ENABLEUI', 0)) there is NO user management for phplogcon. No
user in Users table. So it can only used as a single user application.

Using authentication (windows, linux, whatever) together with this
configuration is only used to denied access to phplogcon's pages to who
are not authorizes to use it. 

I did not mean to use the OS authentication mechanism to verify against
phplogcon's own user management system.

Michael

> -----Original Message-----
> From: phplogcon-dev-bounces at lists.adiscon.com [mailto:phplogcon-dev-
> bounces at lists.adiscon.com] On Behalf Of Brian Shea
> Sent: Friday, December 09, 2005 1:17 AM
> To: phplogcon-dev at lists.adiscon.com
> Subject: Re: [Phplogcon-dev] phplogcon without user managment
> 
> So in IIS people have it setup to allows users listed in the windows
users
> to access, such as administrator. In which case, you do not want to
verify
> them against a user in the DB. Okay, that is fine. We just remove the
user
> in DB check from the auth function when server (apache, IIS) auth is
> turned
> on. Sessions are sent as a cookie to the browser and stored. So when
the
> server authenticates a user and grants access, the PHP code will pick
up
> the
> session id and all session value restored.
> 
> Since sessions are started before auth is run, auth can be removed!!
Or
> return true with server auth is enalbed.
> 
> I dont see any issues here. Auth was a means for a central
authentication
> so
> that if a change was required, it would be propagated to all pages
that
> called auth.
> 
> Since, in 1.2.4_bgs, all page access is done from index.php, we just
need
> to
> add a define to the config.php called SERVER_AUTH and set it true with
the
> server does the authentication.
> 
> Auth can still be called, it will just need to check for the define
> statement and return true.
> 
> I have to use a vacation day so i will be off friday (Dec 9th),
(execpt
> for
> one breif meeting) i can work on adding this feature.
> 
> 
> On 12/8/05, Michael Meckelein <mmeckelein at hq.adiscon.com> wrote:
> >
> > > I think it is a vital point that phplogcon is working without the
> > > authentication stuff. Please hold in mind that phplogcon is also
> > running
> > > in a windows environment (IIS). Some people prefer to use windows
> > > integrated authentication.
> >
> > To be accurate, using windows authentication is only the
authentication
> > part to deny access to users who are not authorized (same as using
e.g.
> > .htaccess or other file access control mechanism). Of course using
only
> > one of these approaches provides not the advantages of phplogcon's
user
> > management.
> >
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev

More information about the Phplogcon-dev mailing list