Hi,
I'm trying to design a Web-based application that requires manual user authentication against security values for users located in a SQL table. In other words, the user starts from a login page, enters their username/password, and then a WQS agent connects to the SQL table and checks to see whether the user exists. If the user exists, and their security fields permit it, they are taken to a Welcome page, where the user can generate various reports from forms in the target database with other agents. If they don't authenticate, they are redirected back to the login form with a message that their username/password is incorrect.
However, there is a very big hole in my solution: anyone can type a URL that accesses a particular form or agent in my target database (e.g. "http://myserver/targetDB/RestrictedForm?OpenForm&param1=ABC" or "http://myserver/targetDB/RestrictedAgent?OpenAgent&param1=ABC") and bypass my security check. How can I modify my forms and agents to block users that haven't gone through my login form and authenticated?
Any suggestions are appreciated!