We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

White List as Additional Level of User Authentication?

June 30, 2008 5:14pm

Subscribe [1]

  • #1 / Jun 30, 2008 5:14pm

    plurky

    7 posts

    I’m looking at EE as a vehicle to create a subscription library of my articles, webinars, and reports. I’m attracted to EE’s security features particularly preventing multiple logins using the same account.

    However, I’m also curious as to the whitelist / blacklist option.

    If my client is on a VPN to enter organizational intranet, these VPNs usually generate IP addresses. Can I use the whitelist function to force clients to access my library ONLY if they’re logged in through their corporate account? Since their companies are the ones paying the bill, is there a way to ensure that they can only get into my library IF they are accessing through their companies’ network? Since multiple users within the same org can access the library, what if they leave the company and take their un/pw with them to another company?

    (or maybe there is an easier way and I’m not seeing it. I welcome ideas and suggestions.)

    thank you!

  • #2 / Jun 30, 2008 5:52pm

    Lisa Wess

    20502 posts

    Hi, pukry -

    The blacklist and whitelist are for referrers, to stop a number of actions.  The whitelist exists to allow in a domain that may be getting hit in a partial match. For instance, you might want to blacklist “goo” for some reason, but allow google.com in - so you’d whitelist google.com.

    You can certainly achieve what you want but you’d need a custom solution to check the IP and allow them in only if it matched.  There’s no out of the box feature for that but with the proper PHP skills, you should have no problem implementing it as such.

  • #3 / Jul 09, 2008 3:33pm

    plurky

    7 posts

    I finally bit the bullet and bought the commercial license. It’s tough given today almost everything can be free :-p

    I admit I’m not yet comfortable with EE esp. the template customizations the way I was with pmachine (looong ago) and it may take a while. I purchased on the belief that EE probably offers me the best secure subscription /membership management options of any CMS type of app out there to build my online subscription library.

    Now… wish me luck!
    Plurky

  • #4 / Jul 09, 2008 3:36pm

    Lisa Wess

    20502 posts

    Good lucky! *grins*

    If you have any questions as you work through it, don’t hesitate to post in the appropriate forums. We have a great community here, and really awesome technical support specialists to help you out. =)

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register