Zipbang
asked on
IIS & PHP Site security
I have a lot of 'intranet' development experience, not a lot of 'internet' experience. A client wants web-based access for their MySQL databases hosted on the internet.
If we choose third-party hosting for the site via IIS (their choice, I agree) for pages and databases, is it a good practice in my pages to throttle content access based on user login name alone? The idea being that only (IIS) authenticated users will get access to the site; once in, my pages grant access to pages and page elements based on user login names bounced against the user login name table.
Thanks for your help.
ASKER
Gentlemen,
I agree with both of you and Ray's article is a great resource. IIS is set in stone for several reasons, all client driven. They do want legacy MS SQL db's in the mix as well later on. They want to host from their location, not my choice and not my recommendation. Maybe I should have been more detailed.
My question should be more like: Should I recommend they use Active Directory-type access control and throttle content based on username alone? This would mean they only log into the web site with their AD credentials, and I use their username from there. Alternatively, they open the site to all users and I use PHP as the lone gatekeeper (i.e. Ray's article).
I don't know how to do that. There is nothing intrinsic about PHP that will use their Active Directory credentials so I'm assuming that IIS will. Not something I have ever done.
I've never tried to integrate PHP and Active Directory. You might want to look into Laravel "Auth" and see if it leads you in a good direction. It may be oriented toward Unix, but could be susceptible of modification to use IIS. And it has a lot of support on GitHub.
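A sketch of the first option discussed in this thread (IIS authenticates against Active Directory, PHP only authorizes by login name), added here as an example and not code from any participant. The `page_access` table, the function names and the sample accounts are hypothetical, the accepted `AUTH_TYPE` values are an assumption to adjust to the providers enabled on the site, and in-memory SQLite stands in for the MySQL database.

```php
<?php
declare(strict_types=1);

// Assumption: Windows Authentication is enabled and Anonymous Authentication is
// disabled for the site, so IIS fills AUTH_USER/AUTH_TYPE before PHP runs.
function iisAuthenticatedUser(array $server): ?string
{
    $type = strtolower((string)($server['AUTH_TYPE'] ?? ''));
    $user = trim((string)($server['AUTH_USER'] ?? ''));
    // An empty AUTH_USER means the request was served anonymously: not authenticated.
    if ($user === '' || !in_array($type, ['negotiate', 'ntlm'], true)) {
        return null;
    }
    // Normalise case so "CORP\JSmith" and "corp\jsmith" match the same table row.
    return strtolower($user);
}

// Deny by default: a login with no matching row gets nothing.
function canAccess(PDO $db, ?string $user, string $resource): bool
{
    if ($user === null) {
        return false;
    }
    $stmt = $db->prepare('SELECT 1 FROM page_access WHERE login = ? AND resource = ?');
    $stmt->execute([$user, $resource]);
    return $stmt->fetchColumn() !== false;
}

// Constructed demo data; the table layout is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE page_access (login TEXT, resource TEXT, PRIMARY KEY (login, resource))');
$ins = $db->prepare('INSERT INTO page_access VALUES (?, ?)');
$ins->execute(['corp\\jsmith', 'reports']);

// Constructed requests standing in for $_SERVER plus the page being requested.
$requests = [
    ['AUTH_TYPE' => 'Negotiate', 'AUTH_USER' => 'CORP\\JSmith', 'page' => 'reports'], // login has a row for this page
    ['AUTH_TYPE' => 'Negotiate', 'AUTH_USER' => 'CORP\\JSmith', 'page' => 'payroll'], // authenticated, no row for this page
    ['AUTH_TYPE' => '', 'AUTH_USER' => '', 'page' => 'reports'],                      // anonymous request
];
foreach ($requests as $r) {
    $user = iisAuthenticatedUser($r);
    printf("%-14s %-8s %s\n", $user ?? '(anonymous)', $r['page'], canAccess($db, $user, $r['page']) ? 'allow' : 'deny');
}
```

In a real page the first argument would be `$_SERVER`, and the check would run on every request rather than once at login, so removing a row from the table takes effect immediately.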
ASKER
Thank you for your help
You might want to take another look at what the tasks are to see how you might want to do this.