Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
January 13, 2005, 10:05 pm
rate this thread
MySQL. Thus, I have come across alot of resources and source code to
perform this task. However, I'm wondering, what's the best method
(i.e. PHP/MySQL or PHP/MySQL using .htpasswd) from a security?
Essentially, I will need to be able to password protect an entire
directory. Also, a small set of directories will be for admin eyes
only. BTW, I will have both admin and guest members for this
membership site. Finally, if you can point me to both source and/or
white papers, I would greatly appreciative.
Re: [PHP5] File Base vs. Directory Based Authentication?
HTTP authentication is in general more secured than roll-your-own
PHP+database authentication. The main reason is that you cannot obtain HTTP
headers through client scripting, where ascookies and URLs, used by PHP's
session mechanism, are easily obtainable.
If you're protecting a bunch of files neatly tucked into a directory, then
use HTTP digest authentication. Read the Apache manual for more details.