As we already explained in the previous section, in order to display a private page is necessary to have an authenticated session. We generally create this session with a valid username/password combination. We will now explain all the components involved in the creation of a valid session.

Components involved in the authentication scheme

In DBSP, an authentication scheme is composed by three components:

1. A DBSP login page.

2. An authentication SQL Query.

3. A table that contains valid username/password combinations and profile information.

The next figure shows how the process works:

In the first step, the login page is displayed. This page usually contains a login and password field although is not a rule (you could include for example a combo box with the department name or a supervisor password or any information that you need that the user provides in order to be correctly authenticated).

The second step starts when the user types his/her credentials and press the send button. Here, the server executes a predefined SQL sentence (login sentence) that uses the fields data. For example, if the database contains a table with the valid username/password combinations and profile information, the SQL sentence should consist in selecting all the records which user name and password match with the ones provided.

The third and last step is to grant or deny access. The decision is automatically based on the next condition:

Case 1: IF the query returned no records THEN the access is DENIED.

Case 2: IF the query returned at least one record THEN the access is GRANTED.

This is a general description of how the authentication scheme works. In the next sections we will explain in detail each of the components involved.

Previous | Next