Jag as a Web Server: Questions...

Posted:
in macOS edited January 2014
I need to host a simple, small web site for a market containing only about 50,000 people nationwide. Of that number, only about 20% are online (in other words it will get just a few hits a day). It will NOT be an e-com site (no credit card transactions, etc.)



Tricky part:

The website needs to authenticate users (name, password) on the front end before entering our site.



Question: What software or services will I need for authentication?



I am hoping that Jag combined with the built-in Apache, MySQL, PHP and Kerberos will do the trick, without outsourcing any 3rd parties.

I am familiar with Apache and PHP, and a little with MySQL, but I have never built a secure site requiring visitors to log in. Can I do it with Jag?



I'm an IS/IT guy (OS, hardware, app, server, etc.) and I will be combining my efforts with our internal web/script/html guy.



Background hardware info:

I have built a Gossamer G3 333 running Jag (not Jag server). I may pop in a ZIF G4 card soon. It has 768 MB RAM, and a 20 GB SCSI RAID (using Apple's RAID software). It is on a dedicated T1 in a Cisco DMZ. It is connected to a Retrospect 5.0 backup server with a DLT drive. It is a dedicated web server, no other apps will run. We will update the site using FTP.



Any thoughts or suggestions on authentication?

Any good sites or forums for this topic?

Think this hardware will work?

Comments

  • Reply 2 of 7
    That hardware will be fine. I am running a Beige 333MHz G3 as my webserver/email server/DNS machine. It only gets a few hits per day and it is plenty fast enough (I am only on a DSL line too).



    So on the hardware end you are fine. The built-in Apache/PHP/MySQL will do you fine for authentication. Depending on security needs you might want to get an SSL certificate so you can log in using an encrypted page and pass that data back and forth securely. That could be overkill though - many times authentication of users isn't encrypted (it just gets passed once, and the info isn't "top secret" - you just don't want anyone poking around without logging in).



    You can use Apache to set up password protected directories, or if you want more granular control of users/groups you can set up a system with PHP. I set up a little client area which redirects a person to a different location depending on what username they sign in with for instance.



    But really in answer to your question your hardware is fine - and OS X is great for serving websites...
  • Reply 3 of 7
    badtz Posts: 949 member
    Would running OS X Server make the whole configuring process easier?
  • Reply 4 of 7
    Should be easy. Just create a MySQL table called Users and have two fields "username" and "password" in the table.



    When somebody tries to log in with a username, check to be sure it matches the password stored in the table for that username.



    Of course, you have to use a cookie to remember they're logged in if you want to prevent people from just bypassing the front page and linking to pages behind it and then check to see if they're logged in on every page of the site.
  • Reply 5 of 7
    Originally posted by badtz:

    > Would running OS X Server make the whole configuring process easier?



    Well yes, but then you are paying for that software - also there are still things you need to do which don't have a GUI on top (like DNS).



    I am running 10.1 Server and am going to migrate to plain vanilla OS X when I make a switch at all (or 10.3 or whatever - I am going to move when I upgrade machines - probably a year or so).



    I have been using 10.1 Server since it came out, and in the end have configured everything except mail through the command line for one reason or another. The only thing I haven't used the CLI for is Apple Mail Server (since it works ok and I don't have time to learn Sendmail at the moment).



    So yes, the GUI helps a lot - but through version 10.1 the GUI is buggy and lacking in functionality. Can't speak for versions after that...
  • Reply 6 of 7
    Originally posted by rogue27:

    > Should be easy. Just create a MySQL table called Users and have two fields "username" and "password" in the table.
    >
    > When somebody tries to log in with a username, check to be sure it matches the password stored in the table for that username.
    >
    > Of course, you have to use a cookie to remember they're logged in if you want to prevent people from just bypassing the front page and linking to pages behind it and then check to see if they're logged in on every page of the site.



    using php and mysql is the way i'd go. also, without knowing what you plan for the site, you may want to look into one of the many free or inexpensive blogger publishing scripts for content management. many of them have all kinds of features such as login authentication mumbo jumbo. i like pMachine (http://www.pmachine.com) a lot because of its nice feature set, great community and developer support, ease of use, and customizability. but hey there are a ton more as well. find the one that best works for you.
  • Reply 7 of 7
    torifile Posts: 4,024 member
    Well, if you've got things like images and what-not on the site that you want to protect, just having mysql with user/passwords will not do the trick. Linking to an image will be a problem. Something you may want to consider is looking into using .htaccess combined with a mysql database to authenticate users. This will prevent people from linking to images on the page without permission. It may be overkill, but it's something to consider.



    Otherwise, the previous suggestions work fine. Just make sure that your php scripts don't contain any sensitive information (like database passwords). Have it include the file with that information and make sure that the file is stored outside of documentroot. (You may already know that, but, hey, you asked)



    edit: yes, this is all perfectly doable with your setup, no extra purchases required. As a matter of fact, you can do this with great ease using 10.1, too.



    [ 09-25-2002: Message edited by: torifile ]
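
The login scheme outlined in Reply 4 and the credentials-file advice in Reply 7, as an added example that is not part of any post in this thread: the Users table holds a salted hash instead of the password, the lookup uses a prepared statement, and a PHP session (a server-side record keyed by a cookie) carries the logged-in state that every protected page checks. The function names, the `/login.php` path and the config file path are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table and column names follow Reply 4; everything else is hypothetical.

// On the real server the DSN and database password would come from a file
// stored outside DocumentRoot (Reply 7), for example (hypothetical path):
//   $cfg = require '/usr/local/etc/site/db-config.php';
// Here an in-memory SQLite database stands in for MySQL.
function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE Users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    return $pdo;
}

// Store only a salted hash, so a leaked table does not reveal passwords.
function add_user(PDO $pdo, string $user, string $plain): void {
    $stmt = $pdo->prepare('INSERT INTO Users (username, password) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($plain, PASSWORD_DEFAULT)]);
}

// The prepared statement keeps the submitted username out of the SQL text.
function check_login(PDO $pdo, string $user, string $plain): bool {
    $stmt = $pdo->prepare('SELECT password FROM Users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();          // false when the user does not exist
    return $hash !== false && password_verify($plain, $hash);
}

// Call once after check_login() succeeds: issue a fresh session id, then record the user.
function start_login_session(string $user): void {
    session_start();
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

// Call at the top of every protected page, before any output is sent.
function require_login(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    if (empty($_SESSION['user'])) {
        header('Location: /login.php');    // hypothetical login page
        exit;
    }
}

// Constructed demo data: one user, then a correct, a wrong and an unknown login.
$pdo = open_db();
add_user($pdo, 'alice', 'correct horse');
var_dump(check_login($pdo, 'alice', 'correct horse'));
var_dump(check_login($pdo, 'alice', 'wrong'));
var_dump(check_login($pdo, 'nobody', 'x'));
```

`require_login()` only guards requests that pass through PHP; images and other static files served directly by Apache still need the directory-level protection mentioned in Reply 7.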