[opencms-dev] Login page defence

Thomas Maerz thomasmaerz at gmx.de
Thu Apr 21 00:19:23 CEST 2005


"Tim Howland" <thowland at organic.com> writes:

> We solved this by embedding code into our templates that checked to see
> if the user was logged in. If it wasn't, they would be redirected to a
> login form. If you search the mailing list archives at opencms.org, I'm
> sure you'll turn up some sample code. 

Just got one or two suggestions. Maybe you could set properties on
resources and folders and compare it somehow to the current user.
So you could set and unset protected files and folders?

Let's call the properties permission. And let's introduce group and user
permissions, so e. g. I could make a resource only visible to a specific
user or to certain users that have to be in a special group.

It would be nice to have a property that sets a login page. If a user
must not see a resource - has no properties (permissions) set for - we
could redirect him to this login page. We could this property in a file
named opencms.properties?

Some features for future development could include UNIX based file
permissions or even group inheritance and an Access Control List?


What do you think?

Regards,
Thomas




















































http://article.gmane.org/gmane.comp.cms.opencms.devel/13016
http://article.gmane.org/gmane.comp.cms.opencms.devel/12122
http://article.gmane.org/gmane.comp.cms.opencms.devel/12038

Enough searching, couldn't find the could article by Alex.




More information about the opencms-dev mailing list