[freeside] User Authentication Setup

ivan ivan at 420.am
Tue Jul 10 23:55:48 PDT 2001


On Wed, Jul 11, 2001 at 02:44:20PM +0930, David Lloyd wrote:
> 
> Hi There!
> 
> I've managed to get Freeside running, however I have an issue:
> 
> If I have an agent "basic agent", how does one stop "basic agent" from
> fiddling with the administration settings?

Agents are orthoginal to users.

> - running a separate page without those settings on doesn't seem secure
> enough to me
>   (i.e. I could authenticate as the real user, setup a trojan freeside
> on my own web servers and so on...)
> 
> - specifically, it looks as though once a user is authenticated they
> have full administration rights; a clerk at the desk, for example, could
> invent an unlimited download plan with no costs with the click of a few
> buttons

Freeside does not attempt to enforce this sort of internal policy. 

You can use the normal Apache authentication methods to restrict access at
the page or directory level: 
http://httpd.apache.org/docs/misc/FAQ.html#user-authentication

-- 
meow
_ivan



More information about the freeside-users mailing list