Dumb Question Regarding Password & Sessions

Dumb Question

Okay...I can't figure this one out but then again I'm not
much of a programmer.

I have a website that the security is constructed in this
manner:

Login Page - Submits to Validation Page
Validation Page - Checks database for User/Password
Verified users are passed to the requested URL.

I have 1 database with:
1 records table
1 Admin LogIN
1 Client LogON

The Admin can edit records and perform Admin duties with
no problems.

Clients can log on and view account info by entering
their account name.

The problem is even though the two LOGIN (Admin) & LOGON
(Client) pages are validating the user/pass out of
different tables...once validated the Client can click
the Admin LOGIN link and become the Admin...obviously
this will not work...sooo

The dumb question is ...how do I fix this mess ?

Would placing the Client page in a different directory
make a difference..etc?

Thanks
 
Kevin Spencer

The problem with your question is that you have enumerated the business
requirements of your app, but nothing about the app itself. There are all
kinds of ways to do security, and all kinds of programming technologies to
do them with. Describing the interface of an application tells you about as
much about the app as describing the part of an iceberg that you can see
tells you about the iceberg.

For example, is this ASP, PHP, CGI, CF, or what? And HOW does it work?

--
HTH,

Kevin Spencer
Microsoft MVP
.Net Developer
What You Seek Is What You Get.
 
Dumb Question

"Enumerated", impressive Kevin...MVP.

-----Original Message-----
The problem with your question is that you have enumerated the business
requirements of your app, but nothing about the app itself. There are all
kinds of ways to do security, and all kinds of programming technologies to
do them with. Describing the interface of an application tells you about as
much about the app as describing the part of an iceberg that you can see
tells you about the iceberg.

For example, is this ASP, PHP, CGI, CF, or what? And HOW does it work?

--
HTH,

Kevin Spencer
Microsoft MVP
.Net Developer
What You Seek Is What You Get.




 
Mike Mueller

I am going to guess that you are using the standard ASP
based validation- you get a username and password from a
form, check it against the database, and give a session
variable to those who pass the test. Your secured pages
have an ASP script which checks for the session variable.

I use that same basic method, as do countless others. What
I added was a field in the table for security level. This
would be either admin or client. On the validate page the
SQL statement pulls that value and places it into the
variable. Then the secured pages can tell if it is a client
or an admin when it checks.


in message
: Okay...I can't figure this one out but then again I'm not
: much of a programmer.
:
: I have a website that the security is constructed in this
: manner:
:
: Login Page - Submits to Validation Page
: Validation Page - Checks database for User/Password
: Verified users are passed to the requested URL.
:
: I have 1 database with:
: 1 records table
: 1 Admin LogIN
: 1 Client LogON
:
: The Admin can edit records and perform Admin duties with
: no problems.
:
: Clients can log on and view account info by entering
: their account name.
:
: The problem is even though the two LOGIN (Admin) & LOGON
: (Client) pages are validating the user/pass out of
: different tables...once validated the Client can click
: the Admin LOGIN link and become the Admin...obviously
: this will not work...sooo
:
: The dumb question is ...how do I fix this mess ?
:
: Would placing the Client page in a different directory
: make a difference..etc?
:
: Thanks
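
The security-level check Mike Mueller describes above, sketched in classic ASP (VBScript) as an added example that is not code from the thread or from any poster. The `Users` table, its `UserName`, `PasswordHash` and `SecurityLevel` columns, the file names and the three routine names are all assumptions; the caller supplies an open ADODB connection and the password hash.

```asp
<%
' guard.asp -- hypothetical include file; every name in it is illustrative.
Const adVarChar = 200, adParamInput = 1, adCmdText = 1

' Returns "admin" or "client" when the credentials match a row, "" otherwise.
' conn is an open ADODB.Connection; passwordHash is the stored form of the
' password (assumed). Parameter sizes are assumed to match the column widths.
Function GetSecurityLevel(conn, userName, passwordHash)
    Dim cmd, rs
    GetSecurityLevel = ""
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT SecurityLevel FROM Users " & _
                      "WHERE UserName = ? AND PasswordHash = ?"
    cmd.Parameters.Append cmd.CreateParameter("u", adVarChar, adParamInput, 50, userName)
    cmd.Parameters.Append cmd.CreateParameter("p", adVarChar, adParamInput, 128, passwordHash)
    Set rs = cmd.Execute
    If Not rs.EOF Then GetSecurityLevel = LCase(rs.Fields("SecurityLevel").Value & "")
    rs.Close
End Function

' Validation page: store the level in the session, or clear it on failure.
Sub SignIn(conn, userName, passwordHash)
    Dim level
    level = GetSecurityLevel(conn, userName, passwordHash)
    If level = "" Then
        Session.Contents.RemoveAll      ' drop any level left by an earlier login
        Response.Redirect "login.asp"
    Else
        Session("UserName") = userName
        Session("SecurityLevel") = level
    End If
End Sub

' Secured pages: call before any output. A session that merely exists is
' not enough; its level must match the one this page requires.
' Usage at the top of an admin page:
'   <!--#include file="guard.asp"-->  then  RequireLevel "admin"
Sub RequireLevel(required)
    If (Session("SecurityLevel") & "") <> LCase(required) Then
        Response.Status = "403 Forbidden"
        Response.Write "Not authorized for this page."
        Response.End
    End If
End Sub
%>
```

A client who signs in and then follows a link to an admin page reaches `RequireLevel "admin"` with `Session("SecurityLevel")` set to `client` and gets the 403 instead of the page.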
 
Kevin Spencer

What? You have a problem with my vocabulary? It's how I talk. Sorry if it
bothers you. Perhaps I should dumb it down so that I don't offend people
like yourself.

BTW, coz u didn't give me the stuff I axed for, i can not help u more.

--
HTH,

Kevin Spencer
Microsoft MVP
.Net Developer
What You Seek Is What You Get.
 
