This topic is locked

Secure individual pages?

12/30/2006 12:02:55 AM
PHPRunner General questions
L
larsonsc author

Is it possible to secure individual "pages" of my site that I am designing with this software? I have some maintenance views that have been created for my convenience, but I'd rather be able to lock them down so that the rank and file (whom I do not trust) can not go in and FUBAR certain tables such as my dropdown menu table.
I know I could always move those specific pages to a secured folder, but that might require a little hacking of the code after the move.
Just curious if this is a possibility or not. Thanks.

T
thesofa 12/30/2006

When you go to the security tab, click on Advanced and then on User Group Permissions, here you can set permissions for each user group on each page created.

You need an additional field in the table of users, called level or similar, this allows you to grant access to pages according to the "rank" of each user.

At work we have 5 levels of users, ranging from a teacher, through heads of department, tutors, heads of year and ending with Senior management team.

Each group has permissions according to agreed levels of access to the application.

In addition, you can specify a user who has full admin rights, see the Advanced security settings dialogue box, called from the Advanced button on the security page.

These settings only work if you have a login page using usernames and passwords from the database, unless you use the LDAP hack to get the user names and use AD authentication.

If you want to go down this route, there is a post all about setting up LDAP here , it is not simple, it takes some hacking of the FINISHED code, but it works well.

HTH

L
larsonsc author 12/30/2006

Currently the only authentication that is done to get to my site is via .htaccess. I don't have the users log into the database system as well. Would I still be able to use the user groups option as you mentioned thesofa?

T
thesofa 12/30/2006

not as far as I know, it is easy to set up a quick test project, why not just try it and see?

I think you can only have access rights if you conntrol access?

seems about right to me.

You could throw a quick site together in 5 minutes and try it.

Please post here to confirm/deny the results.

Cheers.

Sorry about the wishy washy 200th post.

Sergey Kornilov admin 12/30/2006

PHPRunner security and .htaccess-based security have nothing in common.
If you don't use PHPRunner security at all check .htaccess manual on protecting individual files.

http://www.garnetchaney.com/htaccess_tips_and_tricks.shtml

L
larsonsc author 12/30/2006

PHPRunner security and .htaccess-based security have nothing in common.

If you don't use PHPRunner security at all check .htaccess manual on protecting individual files.

http://www.garnetchaney.com/htaccess_tips_and_tricks.shtml


Thanks. I'll check that out. I only need to secure a couple of maintenance pages, so this should be an easy solution.