Locking down an intranet site
Now I am getting pretty good at working on permissions and various blocks/packages, but I am not too sure of the best way to lock down a site to prevent unauthorised users from accessing the site.
They are not too keen on having to sign in to access the site, but I have a couple of thoughts for this:
1- Login Groups - assign each location a user account. At this stage I could probably do with multiple groups in a tree structure, i.e. Users(country1=>(user1,user2..),country2=>(user1,user2..)) (Could this be done with c5? Or would I create two groups, then assign all to the clients, and then specific locations to a country-group?).
The "remember me" function when logging in: does this store a cookie? If so, how long is the expiry set to, as I could get them to log in once at each location=>machine.
2- Set access based on IP. I have seen the IP Blacklist, but is it possible to use this as a whitelist, to only allow certain IPs to access the site?
3- A gateway that sets a cookie. I would rather not use this way, but I assume it's possible to create a block that on page view sets a cookie, which in turn allows access to the site without having to log in.
I would be interested to hear your ideas on how this could be implemented.
At this stage we are still in talks about the Intranet and what platform to use. We are using concrete to develop a micro-site for them which will contain 1000+ pages, so it would be good if we could tie the overall site and administration areas together for both the micro-site and Intranet.
If anyone knows how I could get C5 to automatically log in using their Windows credentials, that would be fantastic. I know there is a module for Apache, but that wouldn't log them into the site...
We have looked at using the htaccess for the IP whitelist; our client is quite keen on being able to content-manage the site and access.
Also, at this stage I cannot guarantee that all the IPs will be fixed, as some of the smaller locations may possibly be dynamic.
It's unclear at this stage. The Windows login options could be a good solution, but I would not know where to begin with that one.
The users will have to enter their username and password, however, I personally don't think that is such a bad thing and you can always set a longer cookie time.
Also, this module looks promising:
That'd be awesome. I'm afraid of selling something for LDAP in the marketplace as it's such a custom problem.