Posted by Raymond Still on 01/29/05 22:32
Hello;
I'm trying to figure out the best (most secure and most
user friendly, security of primary importance) way to
let a user log in.
I am setting up a web application (database
application) that will be for private use only and I
want to keep it secure.
As I understand it, using the Apache htaccess method is
secure as there is essentially no communication without
a username and password, but it does lack a little in
flexibility and presentation.
On the other hand, PHP certainly has the edge on
flexibility and presentation, but I have questions
regarding its security. If you look at the threads
regarding connecting to databases, you often see a
warning to the effect of: store your connection
password, etc., outside of the document path in case PHP
fails and your file is displayed unprocessed.
So my question is, how can you count on PHP to log
somebody in, and prevent access to files when PHP may
fail, or the user could just go into the directory
structure and bypass security?
TIA
Ray