DW login page server behaviour

Report · Jul 17, 2006

I'm just finding my way with my first mySQL project, and have gotten as far as a working, hosted page displaying data, and have been having a look at creating a login page.

I've just created one using DW's built in User Authentication > Login Page server behaviour , which I've managed to get working pretty much first time (which is unusual for me!) - so my question is just whether or not that is secure enough, or if people would frwon on that, and advise me to do x, y and z to make it properly secure?

link

Cheers,
Iain

Report · Jul 17, 2006

Iain

The login behaviour creates a fairly secure system that will meet the needs
of most sites.

--
Paul Whitham
Certified Dreamweaver MX2004 Professional
Adobe Community Expert - Dreamweaver

Valleybiz Internet Design
www.valleybiz.net

"Iain71" <webforumsuser@macromedia.com> wrote in message
news:e9hdq2$l73$1@forums.macromedia.com...
> I'm just finding my way with my first mySQL project, and have gotten as
> far as
> a working, hosted page displaying data, and have been having a look at
> creating
> a login page.
>
> I've just created one using DW's built in User Authentication > Login Page
> server behaviour , which I've managed to get working pretty much first
> time
> (which is unusual for me!) - so my question is just whether or not that is
> secure enough, or if people would frwon on that, and advise me to do x, y
> and z
> to make it properly secure?
>
> Cheers,
> Iain
>

Report · Jul 18, 2006

Cheers Paul - and a good answer. Although I noticed that the password isn't case sensitive even (although there might be a setting for that I missed.)

It's for a recruitment agency site I've done, to replace the existing vacancies page, so not the most sensitive data.

Although I went on an ASP course last year and touched on login screens, sessions etc, and IIRC covered 'closing the back door' to login success or fail pages - at the moment for example the login page I did doesn't stop me from just browsing to the page that a successful login takes you to - is it possible to prevent this?

Iain

Report · Jul 18, 2006

Iain71 wrote:
> at the moment for example the login page I did doesn't stop me from
> just browsing to the page that a successful login takes you to - is it possible
> to prevent this?

Restrict Access to Page server behavior.

--
David Powers
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "Foundation PHP 5 for Flash" (friends of ED)
http://foundationphp.com/

Report · Jul 18, 2006

Brilliant - thanks David. It was after 1am by the time I'd gotten that far last night, so figured it was enough for one night. Is it just a case of adding that server behaviour to the 'logged in' page in addition to the log in page, or would I not need the log in page?

Having a quick look at the bahaviour here, it doesn't bring up a dialogue box that looks up fields in a 'Users' table in the way that the Login User bahaviour did - how does the Restrict Access to Page bahaviour look this up before deciding to allow or deny access?

Iain

Report · Jul 18, 2006

Not sure if your interested, but I have an extension that would help you,
the PHP Login Suite.

It contains 34 server behaviors to build a complete login system, and goes
way beyond the behaviors built into DW, offering a lot of extra
functionality. It is a commercial extension, but only costs �19.99. The full
manual is available at the address below so you can see exactly what the
suite can do.

http://www.phploginsuite.co.uk/

It may be that the built in behaviors do all you need, but on the other hand
the extra functionality would probably be useful to you.

Thanks

Gareth
http://www.phploginsuite.co.uk/
PHP Login Suite V2 - 34 Server Behaviors to build a complete Login system.

Report · Jul 18, 2006

Cheers - may just do that - the manual is certainly very thorough and clear. I need to find out if my current client wants to go ahead with adding database functionality - if so I'll probably make a purchase.

Iain