User Login


    User Login

    I'm writing some custom mivascripts and would like to lock down the application.

    What methodology is used to authenticate users and maintain a session in a Mivascript environment?

    (I've never seen Merchant code so I can't use it as an example)


    Thanks,
    Tim

    #2
    Re: User Login

    Hmmm, that's a pretty big question ... basically, you need to set up a unique session ID for each user. The Miva VM has a built-in function, makesessionid(), to create these. The LSK contains the code that MM uses to manage this ID, such as storing it in a cookie, expiring it after a certain time period, etc. You can download a copy of this for free.

    Usernames and passwords are pretty straightforward. You can program one login for everyone, or set up a database table to hold separate ones for each user. Miva Script supports several different types of encryption with built-in functions. Again, the LSK contains a lot of MM's own code for this.
    Kent Multer
    Magic Metal Productions
    http://TheMagicM.com
    * Web developer/designer
    * E-commerce and Miva
    * Author, The Official Miva Web Scripting Book -- available on-line:
    http://www.amazon.com/exec/obidos/IS...icmetalproducA
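
The methodology described in the reply above (a random session ID per login, kept in a cookie and expired server-side, plus per-user credentials in a table) as an added example; it is not part of the original thread and is not Miva Script or LSK code. It is written in Python, and the in-memory dictionaries, the 30-minute timeout, the PBKDF2 parameters and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SESSION_TTL = 1800   # assumed idle timeout in seconds
USERS = {}           # username -> (salt, password hash); stands in for a database table
SESSIONS = {}        # session id -> (username, expiry time); kept on the server only

def _hash(password, salt):
    # Slow, salted hash so a leaked table does not expose passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(username, password):
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, _hash(password, salt))

def login(username, password, now=None):
    """Return a fresh session id on success, None on any failure."""
    now = time.time() if now is None else now
    # Unknown users still cost one hash, so timing does not reveal who exists.
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    sid = secrets.token_urlsafe(32)   # new unguessable id at every login
    SESSIONS[sid] = (username, now + SESSION_TTL)
    return sid

def cookie_header(sid):
    # The cookie carries only the random id, never the username or password.
    return (f"Set-Cookie: sid={sid}; Max-Age={SESSION_TTL}; Path=/; "
            "Secure; HttpOnly; SameSite=Lax")

def current_user(sid, now=None):
    """Resolve a cookie value to a username, enforcing expiry on the server."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(sid)
    if entry is None:
        return None
    username, expires = entry
    if now >= expires:
        del SESSIONS[sid]             # expired: forget it regardless of the cookie
        return None
    SESSIONS[sid] = (username, now + SESSION_TTL)   # sliding idle timeout
    return username

def logout(sid):
    SESSIONS.pop(sid, None)
```

Expiry is checked against the server-side record, so a browser that keeps sending an old cookie is still rejected.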



      #3
      Re: User Login

      Session management is a deceptively complicated thing. OWASP has some good resources on current industry best practices:

      https://www.owasp.org/index.php/Auth...on_Cheat_Sheet
      https://www.owasp.org/index.php/Sess...nt_Cheat_Sheet
      https://www.owasp.org/index.php/Pass...ge_Cheat_Sheet



        #4
        Re: User Login

        Thanks for the guidance, guys! I will start doing my homework accordingly.
