| |
How to Create a Website Access Security Facility
Many times website owners wish to secure one or more areas
in their site, allowing only authenticated users to gain entry. HostedDatabase.com Enterprise accounts
automatically have this ability using a by-product of Enterprise database features. When
set-up as a website access security mechanism, Enterprise allows you to insert a user login
page which authenticates each user before admitting them to the secure area of the site.
Just follow the simple steps below to add database-driven security to your website.
| Step 1 |
Begin by creating a new "dummy" Enterprise
database. You won't actually use the database itself, but rather the HostedDatabase.com Enterprise
security features that come along with each Enterprise database. For example, from the
Control Panel click on the Create a new, empty database and follow the
steps of the Web Database Publishing Wizard. Since this is only a dummy database,
just specify a single field, of any data type. Continue the process, accepting all defaults
along the way. |
| Step 2 |
Once you've created the dummy database, go back to
the Control Panel and click on Update database properties. Select
the name of the dummy database, and set the Enable Enterprise features for this database
property to "Yes". |
| Step 3 |
Next, you need to set the value of the
property: Specify URL for search criteria page after enterprise user's successful login to
the name of the main Web page of the secure area of your site. This is the page authenticated users will
see after a successful login. Be sure to click on the Update Properties button to save your
changes. |
| Step 4 |
You may now create some users that will be able
to access the secure area of the site. From the Control Panel click on
Update and maintain Enterprise users to enter one or more users at your discretion.
There is no limit to the number of users you may define. |
| Step 5 |
Now it is time to have HostedDatabase.com generate the
HTML code for your login page. Go back to the Control Panel, click on
Generate HTML for Enterprise user to login before doing a search, select your dummy
database, and copy/paste the HTML code into your HTML editor. Save this new page on your web
server. Change your site's navigation to go to the new login page. Now each time your users
attempt to enter the secure area, they will be prompted for a password. |
| Step 6 |
In order to prevent authorized users from
bookmarking a secured page and passing it along to an unauthorized user, thus avoiding
the login page, you can add Javascript code on the secure page to check if the prior
page was the login page. You can secure more than one area of your
site by just using the same login page in different places on your site. Here is sample
Javascript code you can use as a template for protecting secure pages:
<html>
<script language="javascript">
function previous_page() {
// check to see if it was redirected from the start page
if (document.referrer != "http://www.yoursite.com/startpage.htm") {
// force user to go back to the start page
window.document.location = "http://www.yoursite.com/startpage.htm";
}
}
</script>
<body onload="previous_page();">
Welcome to our web site.
</body>
</html>
|
|
|
|
