Basic Webapp Security



Michael Mullan
18-Aug-2018, 05:31 PM
Has anyone built a "proper" generic login system, with fleshed tables for webapp users, with things like multi company or group, dedicated security levels, email addresses etc. for use when creating a new webapp from scratch?

I understand that the system supplied ones are intended to be the most basic and generic possible, but still. For every new webapp built this must all be re-visited, but it's not usually the first thing built, as the customer wants to see useful stuff, not User Management pages first.

I'm sure it's worth $200 to save the 4-6 hours of design and build time to have this readily available.

-- New WebAppUser table
-- Webapp User maintenance View
-- Security Group / Permissions editor (Either Individual groups, or specific permission items)
-- Security Groups / Items Table
-- SessionManager WO with integrated rights control.
-- New web-view templates with integrated Security

Thoughts? Code?

starzen
19-Aug-2018, 05:54 AM
We have connected our own user table to the webappuser without replacing it. Login information comes from our table and is encrypted. Also added reCAPTCHA and two-factor authentication to the login, as well as password recovery and other things, and of course it includes security options as well.

The security options are generally too specific to be applied to other projects though. I have built several generic security systems for apps, but most of the time we end up having a custom-built one for each project.

What would be nice is a better design on DAW's part on all these interfaces. In ASP.NET the security interfaces are well defined and can easily be replaced by custom interfaces. In DF right now they are not that easy to replace, keeping in mind maintenance down the road.