By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,987 Members | 971 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,987 IT Pros & Developers. It's quick & easy.

[PHP5] File Base vs. Directory Based Authentication?

P: n/a
Hi, I'm looking to implement login/registration system in PHP5 and
MySQL. Thus, I have come across alot of resources and source code to
perform this task. However, I'm wondering, what's the best method
(i.e. PHP/MySQL or PHP/MySQL using .htpasswd) from a security?
Essentially, I will need to be able to password protect an entire
directory. Also, a small set of directories will be for admin eyes
only. BTW, I will have both admin and guest members for this
membership site. Finally, if you can point me to both source and/or
white papers, I would greatly appreciative.

Thank you,

-Conrad

Jul 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
<co******@runbox.com> wrote in message
news:11**********************@z14g2000cwz.googlegr oups.com...
Hi, I'm looking to implement login/registration system in PHP5 and
MySQL. Thus, I have come across alot of resources and source code to
perform this task. However, I'm wondering, what's the best method
(i.e. PHP/MySQL or PHP/MySQL using .htpasswd) from a security?
Essentially, I will need to be able to password protect an entire
directory. Also, a small set of directories will be for admin eyes
only. BTW, I will have both admin and guest members for this
membership site. Finally, if you can point me to both source and/or
white papers, I would greatly appreciative.


HTTP authentication is in general more secured than roll-your-own
PHP+database authentication. The main reason is that you cannot obtain HTTP
headers through client scripting, where ascookies and URLs, used by PHP's
session mechanism, are easily obtainable.

If you're protecting a bunch of files neatly tucked into a directory, then
use HTTP digest authentication. Read the Apache manual for more details.
Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.