[PHP5] File Base vs. Directory Based Authentication?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi, I'm looking to implement login/registration system in PHP5 and
MySQL.  Thus, I have come across alot of resources and source code to
perform this task.  However, I'm wondering, what's the best method
(i.e. PHP/MySQL or PHP/MySQL using .htpasswd) from a security?
Essentially, I will need to be able to password protect an entire
directory.  Also, a small set of directories will be for admin eyes
only.  BTW, I will have both admin and guest members for this
membership site.  Finally, if you can point me to both source and/or
white papers, I would greatly appreciative.

Thank you,


Re: [PHP5] File Base vs. Directory Based Authentication?

Quoted text here. Click to load it

HTTP authentication is in general more secured than roll-your-own
PHP+database authentication.  The main reason is that you cannot obtain HTTP
headers through client scripting, where ascookies and URLs,  used by PHP's
session mechanism, are easily obtainable.

If you're protecting a bunch of files neatly tucked into a directory, then
use HTTP digest authentication. Read the Apache manual for more details.

Site Timeline