Posted by Gordon Burditt on 11/14/97 11:21

>I have never tried to build a web site to restrict users. Before, I always
>wanted everyone to be able to get to everything that I put on one of my
>sites. So now I am trying to write (actually just to learn to write) a
>site with a passworded front door. That is to say, you don't get in
>without the password. Not a thermonuclear secure site proof against
>crackers, the CIA and so forth - just a site with authorization needed.
>Kind of like they do at online newspapers.

Consider the possibility of using Apache basic authentication,
activated in .htaccess files. Simple, secure, and it's pretty much
done for you except turning it on and any issues of maintaining the
user list. No PHP code at all required (although the PHP code can
look at who you're logged in as and do something with it, like look
up access privileges associated with that account). I believe there
are some modules for Apache which allow authentication from a MySQL
database, which makes adding users easier.

Gordon L. Burditt

• Next in forum: INSTALL: bz2 support for php5 on debian
• Prev in forum: Re: URGENT HELP - form submit stops working when so many check boxes checked - Why?
• Thread view: Re: More questions on security.

[Reply to this message]