Well my anonymous freind, there are many ways to skin this cat and probably using cookies is the least secure of these. After all I can always manufacture the cookie on my machine and masquerade as someone who has priveliges.

The actual implementation is going to vary depending on what kind of web server you are using, the resources you have available to you, and political factors. For the sake of this discussion I will ignore the political factors.

The simplest way of securing these and I believe the most universal would be to make use of .htaccess (?) files to secure the directories where the front end scripts live as well as any html pages. You would use the directive that requires a login/password and as long as the server in question can recognize the login/password tokens and validate them you are home free.

Doing all this will probably require some reading on your part as milage varies with each server type.

If you are using Apache and have mod_perl loaded and configured this opens up the way to some much more intelligent and flexible options.

For one thing I would consider writing a mod_perl module that does authentication handling and arrange permission atributes for individual users to give them the access they need and no more. OBTW: this would also be a good way to set up some sort of audit trail to track who did what and when.

As I said in my opening remarks there are many ways you can go with this.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Peter L. Berghold --- Peter@Berghold.Net
"Those who fail to learn from history are condemned to repeat it."