Security

LINX

Rough Notes

What is secure?

Some information is public

- Access to collections/trees

Most information is private

- When entering a secure page the identity of a user will be determined

- Some pages can be used for secure or public access

Requirements

Need to be able to do the following:

- Login --> Validate user

- Logout --> Flush user/disconnect

- Forgot my password --> send me notification

- Change Password

- New Account --> adds new user (temp status?) email password, create UID, create private tree?

Notes

Login screen will include account request

Account Requests will use email address and will return a password to the user via email (password will be displayed on test system)

Cookies will be used to store ID of user

Each time a user logs in, a workstation ID will be stored for tracking purposes

Some forms will accept user id flag for read-only access to private info

Users will have an Active flag that indicates ability to log in and need to replace password.

User Registration

- Test to see if already logged in

  - Yes

    - Display Current User Name

    - Display Update Notes form

    - Display Revise password form

    - Display Oops – logout form

  - No

    - Display Login Form

    - Display I forgot my password

    - Display New User Form

Implementing Security

Include file for pages that need security…
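A sketch of the check such an include file could perform, added here as an example and not LINX's own code: it is written in Python rather than ASP, and the HMAC-signed cookie, `SECRET_KEY`, the `USERS` table and all function names are assumptions. It covers the cookie-stored user ID, the Active flag and pages that allow either secure or public access.

```python
import hashlib
import hmac

# Assumption: a server-side secret; the notes do not describe one.
SECRET_KEY = b"constructed-demo-key-change-me"

# Constructed sample user table: UID -> record with the Active flag.
USERS = {
    "1001": {"name": "alice", "active": True},
    "1002": {"name": "bob", "active": False},
}


def _sign(uid: str) -> str:
    return hmac.new(SECRET_KEY, uid.encode(), hashlib.sha256).hexdigest()


def make_cookie(uid: str) -> str:
    """Return 'uid.signature' so the stored ID cannot be altered client-side."""
    return f"{uid}.{_sign(uid)}"


def uid_from_cookie(cookie):
    """Return the UID if the cookie's signature verifies, else None."""
    if not cookie or "." not in cookie:
        return None
    uid, _, sig = cookie.rpartition(".")
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if hmac.compare_digest(sig.encode(), _sign(uid).encode()):
        return uid
    return None


def check_access(cookie, page_public=False):
    """Decide what a page that includes this check should do.

    Returns ("user", uid) for a valid, Active user, ("public", None) when
    the page also allows public access, otherwise ("login", None).
    """
    uid = uid_from_cookie(cookie)
    user = USERS.get(uid) if uid else None
    if user and user["active"]:
        return ("user", uid)
    if page_public:
        return ("public", None)
    return ("login", None)
```

A bare UID in the cookie would let any client claim another user's ID by editing it; the signature makes the server the only party able to issue a valid value.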

Implementation Notes

Secureuser.asp contains all code for displaying forms and for processing results.

Contents/userform.htm contains both forms used for security

Crude implementation – need to complete:

- Password mailback

- Include component for authorization

- Mechanism to read-only secure (for ID included)

Login Forms