470,833 Members | 1,346 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 470,833 developers. It's quick & easy.

HTTP Authentication without the Pop-Up

Is there a way to authenticate using Apache's basic authentication
without having the pop-up? For instance, can a person use a form that
authenticates using the built-in authentication? Does that make
sense?
Jul 17 '05 #1
2 2224
paul brown wrote:
Is there a way to authenticate using Apache's basic authentication
without having the pop-up? For instance, can a person use a form that
authenticates using the built-in authentication? Does that make
sense?


Yes. Yes it does.

I don't like the awful HTTP 1.x authentication either. I just use an
HTML form and then use a cookie to keep the credentials. Then you can
access the cookie each time to get the credentials and check them
against the user database.

Not very secure, but neither is HTTP authentication (unless the entire
connection is encrypted with SSL, but I can't afford such luxuries).

A compromise is to use sessions. That way, you can send the password
over an encrypted connection once (saving on bandwidth) and then use
unencrypted sessions to identify the user once they've logged in through
an HTML form. If you check the IP address of the user that claims to be
the session user, you should be able to get good security. Well, good
enough for non-critical applications.

I haven't written code for session-based authentication yet, though. I'm
sure that PHP makes it perfectly possible.
--
Bob
London, UK
echo Mail fefsensmrrjyaheeoceoq\! | tr "jefroq\!" "@obe.uk"
Jul 17 '05 #2
"Robert Downes" <no**********@see.my.signature.con> wrote in message
news:40**********************@mercury.nildram.net. ..
paul brown wrote: I haven't written code for session-based authentication yet, though. I'm
sure that PHP makes it perfectly possible.


Sure!

PEAR:Auth

works great!

Walter
Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by aj | last post: by
reply views Thread by aj | last post: by
27 posts views Thread by Jeremy Yallop | last post: by
1 post views Thread by David Krussow | last post: by
6 posts views Thread by Kevin Yu | last post: by
2 posts views Thread by Bruce Groen | last post: by
3 posts views Thread by KNC | last post: by
reply views Thread by mihailmihai484 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.