CodeCharge Studio
search Register Login  

Visual Web Reporting

Visually create Web Reports in PHP, ASP, .NET, Java, Perl and ColdFusion.
CodeCharge.com

YesSoftware Forums -> Help/Consulting -> Help - Jobs Available

 Looking for help - Typo3 knowledge helpfull

Print topic Send  topic

Author Message
Denis Grenier
Posted: 09/08/2007, 3:44 AM

Introduction :
I tried to solve this challenge myself but hat to give-up. I am now willing
to pay, (or to be forever in debt) to solve it.

The story:
I have create a web site for my company services: www.nuuco.com . I chose
two main technologies to achieve the purpose of the website:

Typo3: a well known public domain CMS that support the redaction, edition
and Multilanguage needed.
CodeCharge Studio: a solid program generator to handle all database
transactions.

As you might guess, security (logon and related) are not handled the same
way by both applications and I am now at the point where logging twice is
not acceptable. I need a solution

Security in Typo3: When a user logon, a session_id is created
(hexadecimal - 10 positions). This session_id can be retrieves as needed in
a session variable (Array).
This session_id is the primary key of a record in a table: fe_sessions.
When reading fe_sessions we find Ses_Userid, Ses_IpLock.
Another table: fe_users hold the username and usergroup(Array).

Security in CodeCharge Studio:

In CodeCharge studio, the program generate a logon.php program. Before
generating the program, you need to stipulate the table for users along with
fields for UserID, UserName, Password, UserGroup. In the login process,
CodeCharge studio will create three sessions variables for UserID, Username
and UserGroup. I don't know if there is an IP verification being made.

In order to solve the challenge there is two potential solutions:

The quickie:

Create a mod on the typo3 newloginbox extension in order to create the
needed session variables by CodeCharge Studio application. If there is an
additional check for the IP address, it would need to be resolved.

The more complex one:

Create a mod in Codecharge Studio to get the Typo3 session_id and from there
read the database to retrieve Userid, Username and Usergroup. This could
improve security of my application. Again IP verification, if in CodeCharge
Studio would need to be taken care of.

Again, I am willing to pay to solve this challenge. Should you believe you
can be up this challenge, please contact me.

You can download typo3 from www.typo3.com. CodeCharge Studio provide a
fully functional 30 days evaluation of their software at www.yessoftware.com

Thanks

Denis Grenier

Président

189, boul. Hymus
Suite 300
Montréal, Québec
H9R 1E9

@: mailto:denis.grenier@nuuco.com
w: http://www.nuuco.com
Tel: 514-946-4767
Fax: 514-694-1740
My Linkedin Profile


Add new topic Subscribe to topic   


These are Community Forums for users to exchange information.
If you would like to obtain technical product help please visit http://support.yessoftware.com.

Web Database

Join thousands of Web developers who build Web applications with minimal coding.
CodeCharge.com

Home   |    Search   |    Members   |    Register   |    Login


Powered by UltraApps Forum created with CodeCharge Studio
Copyright © 2003-2004 by UltraApps.com  and YesSoftware, Inc.