View Complete Thread | FoxWeb Forum Home
Date:    Msg ID:   
From:    Thread:   
If you plan on having more than a few users then I recommend that you store your list in a table and point to it with the Auth.AuthTable property.  The only situation where Auth.AuthList is useful is when you only have a couple of users whose IDs and passwords don't change much.  In such cases it may make sense to hard-code this information in your script(s).

The Auth.Authenticate method was not designed to be called from fw_enter.prg and in fact will not work properly if you use it this way.  If you want to store all your authentication code in the same place, then you should do so in a separate PRG file, which you call at the beginning of all scripts that need protection.  A future version of FoxWeb may support calls to Auth.Authenticate from fw_enter.prg.

FoxWeb Support Team

Sent by Alan Harris-Reid on 01/06/2002 04:46:41 PM:

I am about to build authorisation into a Foxweb-based site and I like the idea of using the Auth.authlist property.  To prevent the user editing Authenticate.fwx, I am thinking of allowing the user/password list to be kept in a plan text file, which is read into the Auth.authlist property by FILETOSTR().  Where is the best place to store this .txt file?  I can easily keep it outside of the web tree, but would it be safe-enough in \programroot\subdir ?  Would it be safer on a totally different area (the data is already on a different drive letter)?

The vast majority of pages within the website will require authorised access only.  If I run Authenticate.fwx from FW_enter.prg, is this enough to prevent any .fwx script being run if authentication is not successful?  Do I have to return to .F. if authorisation is unsuccessful or will  script execution be terminated automatically?

Any comments would be appreciated.

Alan Harris-Reid