rejetto forum

Access differentiation

Guest · 7 · 2872

0 Members and 1 Guest are viewing this topic.

ArchangelCC

  • Guest
Hello!
Is it possible to configure server, that any conections from my subnet don't need any authorisation at all and need it from others?


Offline bacter

  • Operator
  • Tireless poster
  • *****
    • Posts: 681
    • View Profile
If you use username and passwords for your externel users, this means you have protected items on your server. This could not be accessed by no way without a login.

So, if you want that for your local users not to be necessary to press the loginbutton and fill out the form with username and password, i suggest the following.

Create an account for your local users, for example username:local and password: net. All local users can use the same account.

Then, instead of accessing with http://192.168.nn.nn:port/ have them access with http://local:net@192.168.nn.nn:port/ that does then login directly.

To avoid that users from outside use this username and password, you can put in the [special:begin]section the following macro:

{.if |{.and|{.not|{.match address|192.168.1.2-192.168.1.255|%ip%.}.}|%user%=local.}|{:{.disconnect.}:}.}
your computer has no brain - use your own !


Offline Pit

  • Tireless poster
  • ****
    • Posts: 115
    • View Profile
    • EDV & Netzwerkservice in Berlin
Hi Bacter,

i create a user called "local" with the password "net". But if a try the login as your sample i get the normal portalsite. Then i have to open the menu and after a klick on the button "login" in the menu i see the protected folder. Is this the right way? Thanks (Antwort in deutsch würde mir natürlich gefallen  ;))
You reach our Webserver every day between 9 AM to 10 PM under: http://phampel.dyndns.org or http://free4you.dyndns.org


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2062
    • View Profile
pit make a test with

menu > others options > Browse using localhost   unchecked
menu >  accepts connection > anny address



put the line into the
<body>
{.if |{.and|{.not|{.match address|127.0.0.1|%ip%.}.}|%user%=local.}|{:{.disconnect.}:}.}
....
 </body>

save template ;D

Open two browser window and connect one with 127.0.0.1 and the second with your computer ip (192.168.....)

you must obtain the same page and then login you with the to browser as 'local' + 'net' ,

with 127.0.0.1  alll is good , but the second you are disconnected ;)
« Last Edit: February 25, 2009, 01:16:12 AM by mars »


Offline bacter

  • Operator
  • Tireless poster
  • *****
    • Posts: 681
    • View Profile
There seems to be a problem with different browsers and their 'security-features'.

1. Works as expected with firefox 3.0.6 on ubuntu: you enter directly and logged-in in your page.

2. Works half-ways with firefox 3.0.6 on vista and xp-sp3 and windows7: you must push the login button and you enter without appearing the window where to introduce username and password.

3. With msie 7.0 and 8.0 there is no way: this browser is as clever as microsoft-engineers seem stupid. It says directly that this is no valid address without doing the page-request.

4. with chrome on xp you can't even login -> error

5. with Safari on xp there is no way to understand what it does, except that it does not work.

I think to remember that this feature worked some time ago on XP, but i fear that this feature was eliminated with some of this shitty security updates (XP = microsoft patchwork).
your computer has no brain - use your own !


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13521
    • View Profile
there is no such feature, but it has often been required.
and i can see why.
i guess best solution is to be able to use a script like

[grant access]
{.match address|127.0.0.1|%ip%.}


the logic would be that through the script you can say when to give permission.
this would not cover the need to say when NOT to give permission.
i mean. you may want to deny permission even to people that knows the password, just you want that account to work only in LAN.
althought this example will be solved differently (i think), i may just support an event [deny access].

this solution may apply also to other permissions delete/archive/upload.


ArchangelCC

  • Guest
There seems to be a problem with different browsers and their 'security-features'.

1. Works as expected with firefox 3.0.6 on ubuntu: you enter directly and logged-in in your page.

2. Works half-ways with firefox 3.0.6 on vista and xp-sp3 and windows7: you must push the login button and you enter without appearing the window where to introduce username and password.

3. With msie 7.0 and 8.0 there is no way: this browser is as clever as microsoft-engineers seem stupid. It says directly that this is no valid address without doing the page-request.

4. with chrome on xp you can't even login -> error

5. with Safari on xp there is no way to understand what it does, except that it does not work.

I think to remember that this feature worked some time ago on XP, but i fear that this feature was eliminated with some of this shitty security updates (XP = microsoft patchwork).
Yeah and sems that not work with PS3 browser =( It don't recognize http//login:pass@bla.bla:bla and cant login with internal login system =(