Topic: Single-line Tagboard

How are you gentlemen...

One of the websites my boss has me working on is in need of a little mutable content. Specifically, the executive director of the organization the website is for needs to be able to make quick, one-line updates on part of the page. However, 1) We can't have just anyone tossing in their $0.02 on that space, and 2) the client in question is either unwilling or unable to work with code - in other words, we don't trust him with it.

Does anyone have any suggestions on how to implement this?

~~~
Insanity: doing the same thing over and over again and expecting different results. - Albert Einstein

Well, one suggestion would be to have a small javascript that loads a remote text file that containts the one-line update. The client updates this file and uploads it, the script reads it and displays it on the page.


Justice 4 Pat Richard

That's a good suggestion, Skaarjj. The person that would be using this update feature is someone who will not have regular access to the webspace. In other words, we don't want him to have the passworded access to all the files. On the flip side of the coin, we don't want just any Joe Schmoe posting whatever they like...

Would it be possible to have a javascript read the information from the field of a form and then display it, provided the form's password field matches a certain value?

~~~
Insanity: doing the same thing over and over again and expecting different results. - Albert Einstein

That's pretty much Skaarjj's suggestion, but I'll leave it at him to express himself.

CGI is meant for that: send a form's data, get it s-side through a server-side script, and put it where you can use
it the other way round (to inject it in -whatever- including web pages).

quote:

---

provided the form's password field matches a certain value?

---

Of course, but this doesn't secure many things (if any). You can maybe do it more easilly through a mailbox:
provided the right sender is sending to a given, secret mailbox, that mailbox could automatically
"drop" the update on the server side. It all depends on what kind of backend solution and accesses you have.

If you're going to do any kind of authentication, it must be server-side, not cient-side. That means a language like Perl, PHP, ASP.NET, and so on. Client-side authentication isn't secure at all. All it takes is someone reading the code file (since it has t obe sent t othem for it to work anyway) and your password's out in the open. You ay as well allow anyone to do it.

What I would see if you can do is set up this person with their own FTP account. All that's in that account is the text file they dro pthe tagline in. That file is then sym-linked into the actual webspace, so the website can read it, but so you don't have to give this person full and clear access to the webspace.


Justice 4 Pat Richard

I would set up a page where this person can enter the info via a textbox, using a server side authentication on a user/password field.

You could either use a database or store the data in flat file. A database would be very heavy handed if this is all that's being done, but would work well if there are other aspects using a database already.

This should be as simple as possible for the user - FTP is a bit much if this is someone you don't trust to access things and doesn't get it technically.

Update: now the grand poobah of the site wants a full-blown comment board for other visitors to post.

I'm thinking PhP with a single bulletin board on one page, and a tagline script on the other will kill both these birds with one stone. (Well, axe, I do work near a turkey farm and they don't fly or run fast enough for thrown rocks to be necessary) My boss is looking into our host to see if they support PhP.

Thoughts?

~~~
Insanity: doing the same thing over and over again and expecting different results. - Albert Einstein