    I just had a question about a username/password method I am using for an ASP application that I recently wrote. I am a student worker at Monmouth University and I was asked to write a sort of scheduling program for the psychology department. I would far from consider myself an ASP expert, as everything I have learned is self-taught from books and various projects we have done here. This project for psychology was my first attempt at a real sort of application to be used by faculty and students; it was sort of scary :)

    The gist of the application is pretty much that graduate students need to make projects for freshman intro to psych students to sign up for, and then check off their attendance, keep track of credits and the times the projects are running. Then the student can come in and look at a calendar with all the times of projects and sign up for them, and finally there is an admin who can do pretty much anything. There's a lot more to it than that, but that's probably more than most of you care to hear about it :)

    Our method for a name and password system was to store each person's login and password in the SQL database. When you log in from a straight HTML page it passes on your name/pass. At the top of each page there is an include that gets the name and password and queries the database to see if they exist there and match up. If they are NOT there, it shows a small "please login again" message; otherwise it just shows the page. So each page is just encapsulated in a big if then else end if statement.

    Also, each page has a small form with hidden elements called name and pass to be submitted any time the user changes pages (i.e. clicks on a link). So if the student wants to, say, go from their info page to a calendar page, we have a small JavaScript that submits the password form to the calendar page so the validation will succeed.

    I guess my question is, is this an OK way to handle having a user name and password? We didn't want to use session objects or cookies to pass the things around, and doing it on the querystring is just silly :)
    calendar.asp?username=joe&password=Iloveloch s ...who wants that on their URL bar? :) Again, this isn't a high security thing either; I don't think people want to hack into the psychology scheduling program :P

    So any input about this method would be most appreciated :) Oh, and the psych students/faculty have been using it all semester and it is working really well and they all love it. I think that's pretty good for my first ASP application. Hehe, if I could do it again though, there's a lot of things I would change :) But anyway, any help would be much appreciated, and thank you for taking the time to read my post :)

    James DeRagon
    Reapy@centric.net

    Well,

    I would do one thing.

    Once the user has been authenticated, grab some sort of id column from the database that uniquely identifies that user instead of carrying around text in your pages; this way you just pass an id. Then just write a simple query, if you must, for that id, and it should be significantly faster, and if anyone really wants to see the source, it's just some arbitrary number versus meaningful text.

    imo.
    But then again, what do I know.

    Ohh, that's a good idea, I feel so stupid :) And I shouldn't have to query the database at all after the first time, just check to make sure that that value is what it needs to be, make some arbitrary value like login = "true" or something. That way I don't have to pass the password around (still need the id for various things) and you can avoid querying the database on every page. It's too late now to really change it (since it is being used), but when it comes time to do something else I know a better way to do it now.

    Thanks again! :) And I'm sure you know plenty :)

    James
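
Added example, not part of the thread and not the application's code: a Python sketch (rather than ASP) of the single hidden value the posts above arrive at. A hidden field can be edited by whoever views the form, so the server signs the id and an expiry at login, and the include at the top of each page checks the signature instead of querying the database. `SERVER_KEY`, `TOKEN_LIFETIME`, `issue_token` and `verify_token` are assumed names.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Assumption: a secret kept on the server and never written into any page.
SERVER_KEY = b"constructed-demo-key-replace-in-real-use"
TOKEN_LIFETIME = 20 * 60  # seconds a token stays valid (assumed value)


def _sign(payload: str) -> str:
    """HMAC-SHA256 over the payload, encoded so it contains no '.'."""
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_token(user_id: int, now: Optional[float] = None) -> str:
    """Run once, after the login query has matched name and password.
    The result goes into the hidden form field in place of name and pass."""
    now = time.time() if now is None else now
    payload = f"{user_id}.{int(now) + TOKEN_LIFETIME}"
    return f"{payload}.{_sign(payload)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[int]:
    """Run by the include at the top of every page. Returns the user id,
    or None if the field is malformed, altered or expired."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    user_id, expires, sig = parts
    expected = _sign(f"{user_id}.{expires}")
    # Constant-time comparison; any edit to id or expiry changes the MAC.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if not (user_id.isdigit() and expires.isdigit()):
        return None
    if int(expires) < now:
        return None
    return int(user_id)
```

The token is still a bearer value: whoever copies it from the page source can use it until it expires, so the form should only be submitted over HTTPS.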

