Re: Web Security

Perhaps you could create a directory called SysAdmin protected by an
.htaccess file that  allows access only to the SysAdmin person with the
right user name and password.

Depending on the $REMOTE_USER you can allow or disallow access to certain
areas of your site.

All the best,

Dorin



At 02:05 PM 2/27/2001 +0000, Paul Joseph McGee wrote:
>Hi everybody,
>I am trying to implement a website where users may login and view
>available properties. Basically it is an online auctioneering site which
>is my final year project. I want to be able as SysAdmin to log in
>myself
>and modify, add properties, upload images etc. At the moment I am toying
>with letting
>both users and SysAdmin log in from the same authentication window. The
>properties are all saved in a PostgreSQL database on my machine here. I
>have created a user <webadmin> who has insert, update, select and delete
>priveleges
>on all tables in my database. This user is unable to create databases or
>users. When the SysAdmin logs in he will have a page where he can modify
>houses etc, while when an ordinary user logs in he will have the basic
>window where he can search for houses. At the moment I have it such that
>both users and SysAdmin when connected are connected as webadmin. I dont
>think this is a very secure method but its all i can think of at the
>moment. I'm also not sure how to kep the SysAdmin's page secure from
>everybody else. At the moment all my pages are in a
>/usr/local/apache/htdocs/project/ directory. Does anybody have an idea how
>i could make this implementation more secure and functional.
>Thanks,
>Paul