Login

The Login page has a field for an OUAC number and for a password. When a user logs in, the password goes through MD5 hashing and the hash is compared to the password hash field in the database for the given OUAC number.

If this is the first time the user has logged in then the applicant record will be updated with an activation date which will ensure that the account will not be removed from the system.

To keep track of the login, a cookie is created on the client side which holds the OUAC number and MD5 hash of the password. Every page in the Application checks the cookie against the database to ensure that the user is genuine before handling any request.

Please note that this is not the most secure way of protecting a user's account. Technically, if someone else were able to acquire a user's cookie, that person would have access to the user's account. A more secure way would be to have a table holding session data for a user who is logged in. The table would hold a session ID, the user's IP address, and any necessary data such as the OUAC number. A cookie would be given to the client which contains only the session ID. Then the cookie session ID and user's IP address would be compared with the database each time a user loads a page to ensure that the user is genuine. A better way still would be to find some way of using HTTPS. Since our application does not contain any vital data, we believe that the current level of security is adequate. In the future, new security measures like those above may be warranted.
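The session-table design described above, sketched as an added example (not the application's own code). The table layout follows the paragraph; the function names, the in-memory SQLite store and the 30-minute idle timeout are assumptions made for illustration.

```python
import secrets
import sqlite3
import time

SESSION_TTL = 30 * 60  # assumed idle timeout in seconds; not stated on the page

def open_store():
    """In-memory stand-in for the application's database (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE sessions (session_id TEXT PRIMARY KEY, ip_address TEXT NOT NULL,"
        " ouac_number TEXT NOT NULL, last_seen REAL NOT NULL)")
    return db

def create_session(db, ouac_number, ip_address, now=None):
    """Call once the password check has succeeded; returns the cookie value."""
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)  # random; carries no password material
    db.execute("INSERT INTO sessions VALUES (?, ?, ?, ?)",
               (session_id, ip_address, ouac_number, now))
    return session_id

def end_session(db, cookie_value):
    """Logout or expiry: the cookie is useless once its row is gone."""
    db.execute("DELETE FROM sessions WHERE session_id = ?", (cookie_value,))

def check_session(db, cookie_value, ip_address, now=None):
    """Run on every page load; returns the OUAC number, or None if not genuine."""
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT ouac_number, ip_address, last_seen FROM sessions WHERE session_id = ?",
        (cookie_value or "",)).fetchone()
    if row is None:
        return None  # unknown or already ended session
    ouac_number, stored_ip, last_seen = row
    if stored_ip != ip_address:
        return None  # cookie presented from a different address
    if now - last_seen > SESSION_TTL:
        end_session(db, cookie_value)
        return None  # idle too long; user must log in again
    db.execute("UPDATE sessions SET last_seen = ? WHERE session_id = ?", (now, cookie_value))
    return ouac_number
```

Unlike the cookie holding the OUAC number and password hash, this cookie value can be revoked by deleting its row and reveals nothing about the password if it leaks.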

After the cookie is in place the user is routed to a page where he/she may begin editing the Graduate Application.

Topic revision: r4 - 2013-07-31 - DrewPilcher
 