|
From: | Patrick Price |
Subject: | Re: [Phpgroupware-users] FAQ? and admin authentication bugs |
Date: | Tue, 10 Sep 2002 13:38:23 -0400 |
User-agent: | Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.4.1) Gecko/20020406 Netscape6/6.2.2 |
If you think there is a better way, suggest one.
How about:1: Scrap the authentication entirely for config/setup and put /setup pages in a .htaccess protected directory (or secure by obfuscation). Lots of packages do this. So phpGroupWare wants to be different. That's cool, but if by different you mean being harder to setup, use and understand, then different is bad.
OR2: Generate a session id for config/setup login the same as for other phpGroupWare logins. Use the same API the normal accounts use to login. The session id's seem to work well.
Or roll the configuration pages into an app which is automatically installed as part of the admin account. This means removing the so-called convenience of not having to hand-edit any configs prior to installation. Set a couple of paths, run a script to create the admin and demo accounts, then login as admin and complete the configuration. One admin login instead of three (setup/config; header; admin) as it has now.
-Patrick Price
[Prev in Thread] | Current Thread | [Next in Thread] |