[nycphp-talk] NEW PHundamentals Question - HTTP Authentication
Ophir Prusak
prusak at gmail.com
Sat Oct 23 21:15:25 EDT 2004
I meant secure as in if you leave it up to the web server to ask for
user/pass (and not directly in your PHP) then the code in apache that
does the authentication is probably pretty good.
If on the other hand you're just using a normal form for the user and
password, there are probably more ways a hacker could get around it,
especially for beginning programmers.
Regarding sniffing the user/pass, in both cases it's clear text unless
you use SSL.
On Sat, 23 Oct 2004 13:53:50 -0400, inforequest
<1j0lkq002 at sneakemail.com> wrote:
> It seems we have some differences of opinion.
>
> Matthew Terenzio says:
>
> "While it is a step up from clear text, It should be made abundantly
> clear that it is not for purposes of hiding sensitive data from hackers. "
>
> while Ophir Prusak says:
>
> "2. HTTP Authentication is probably more secure than anything you'll
> ever write yourself. Especially if you implement it at the server level
> (.htaccess) you won't have to worry as much about security holes in your
> code :)"
>
> Do you two care to comment further?
>
> -=john
>
>
>
>
> _______________________________________________
> New York PHP Talk
> Supporting AMP Technology (Apache/MySQL/PHP)
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.newyorkphp.org
>
More information about the talk
mailing list