|
|
Posted by ELINTPimp on 08/23/07 18:15
On Aug 23, 2:08 pm, "burgermeiste...@gmail.com"
<burgermeiste...@gmail.com> wrote:
> On Aug 23, 1:00 pm, rogerjam...@googlemail.com wrote:
>
>
>
> > On Aug 23, 6:42 pm, Erwin Moller
>
> > <Since_humans_read_this_I_am_spammed_too_m...@spamyourself.com> wrote:
> > > Hi,
>
> > > If you use Apache, have a look at .htaccess.
> > > Google around, many articles.
>
> > > Regards,
> > > Erwin Moller
>
> > Was going to use .htaccess but I'd require a better user management
> > with MySQL database, registeration page, admin page, forgot password
> > feature.
>
> > Would coding a script that runs every minute and dumps user/pass to
> > a .htpasswd file be too taxing on a high traffic site?
>
> One thing you might think about is this: since .htaccess, .htpasswd
> files are already in a fairly strict format, you can pretty easily
> parse it, and simply update entries in the .hpasswd file when the
> database updates. Basically, keep the .htpasswd file and the database
> concurrent.
..htaccess/.htpasswd is going to give you "true" directory security in
comparison to a php solution. PHP authentication/authorization is
great, but only works on files that have php on it, or goes through
php, etc. For example, I have a page with dynamics data pulled from
the database...that data is protected from access by my controls. The
page itself could be protected using sessions. However, if I have
my_special_pic.jpg in there...all they have to know is the address and
they got it. With .htaccess, however, they will be prompted during
connection. The difference is between HTTP authentication and
whatever you implement in PHP.
Navigation:
[Reply to this message]
|