Re: WWW-Authentication and Postgresql - Mailing list pgsql-php

From Stephan Borg
Subject Re: WWW-Authentication and Postgresql
Date
Msg-id 001801c18e82$ba9dc900$1400a8c0@p1g
Whole thread Raw
In response to Re: WWW-Authentication and Postgresql  (Vince Vielhaber <vev@michvhf.com>)
Responses Re: WWW-Authentication and Postgresql
List pgsql-php
I have found the mod_auth_pgsql module to be the easiest way to
implement this function. Does anyone know if it takes the points
mentioned below into consideration?

Stephan

-----Original Message-----
From: Vince Vielhaber [mailto:vev@michvhf.com]
Sent: Wednesday, 26 December 2001 2:25 PM
To: Andrew McMillan
Cc: Stephan Borg; pgsql-php@postgresql.org
Subject: Re: [PHP] WWW-Authentication and Postgresql
<snip>
A couple of quick gotchas.  1) make sure you filter out all unwanted
characters so someone can't execute sql calls inside of a username or
password.  2) On failure make sure you send a 401 to the browser just
like you do initially when asking for the password to clear out the old
one - you can also use this to handle logouts.

Vince.
--
========================================================================
==
Vince Vielhaber -- KA8CSH    email: vev@michvhf.com
http://www.pop4.net
         56K Nationwide Dialup from $16.00/mo at Pop4 Networking
        Online Campground Directory    http://www.camping-usa.com
       Online Giftshop Superstore    http://www.cloudninegifts.com
========================================================================
==



_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


pgsql-php by date:

Previous
From: Vince Vielhaber
Date:
Subject: Re: WWW-Authentication and Postgresql
Next
From: Andrew McMillan
Date:
Subject: Re: WWW-Authentication and Postgresql