-
April 9th, 2004, 02:39 AM
#11
Junior Member
Can you all help me to create a .htaccess file and .htpasswd file?
-
April 9th, 2004, 02:58 AM
#12
.htpasswd is an inferior method of providing access controls for websites. If the web service software is compromised, so are all the .htaccess protected directories. Better off using the operating system access controls (though Apache doesn't provide simple authentication pass through) or securing the material in a database.
Either way the data is not released by an application level bug in the web service.
catch
-
April 10th, 2004, 01:59 AM
#13
Junior Member
Can anyone create user authentication with PHP and give me the code, and how do you create a username and password using PHP?
-
April 11th, 2004, 11:00 AM
#14
Originally posted here by catch
.htpasswd is an inferior method of providing access controls for websites. If the web service software is compromised, so are all the .htaccess protected directories. Better off using the operating system access controls (though Apache doesn't provide simple authentication pass through) or securing the material in a database.
Either way the data is not released by an application level bug in the web service.
catch
Greetings Calvin.
Catch is correct, although "Inferior" is an arrogant way to state it. He knows his Shiznit.
There is nothing wrong with research however, and a great deal can be learned from the "Old School"......"Obsolete". Crapola!
http://www.zend.com/zend/tut/authentication.php
Remember it all seems like crap two months later!
Get some good religion from Bad Religion.
-
April 11th, 2004, 06:50 PM
#15
"Inferior" is not an arrogant way to say it at all, it is an accurate way to say that .htaccess is "lower in quality."
Good security is mathematically sound and never goes obsolete; this is why nearly all (good) current security principles date back to the 60's and 70's. Things like .htaccess were never good, not even when new, as it is based on a flawed concept (allowing applications to control their own security).
catch
-
April 11th, 2004, 07:21 PM
#16
IMO, a layered approach is best so that if there is a failure by one piece of software, it can be stopped by another. To use any one method to secure a system is to place all your eggs in one basket, and is a silly concept. You may want to look at using a combination of such methods in tandem.
If you rely on the operating system's access control software, database software, or the web application (PHP/ASP/CGI, etc.) that utilizes the database, those are all also potential holes. Instead of guaranteeing access and relying on only those things to do all the prevention, what does another level of prevention cost? A few minutes of your time. It seems worth it to me.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
April 11th, 2004, 07:34 PM
#17
The problem with layered security is that it is VERY rarely implemented correctly, so in fact it is not actually layered. That is, many types of security not dependent on each other, so if any one fails, the system is compromised. In that case you are merely creating additional surface area to attack. Really what needs to be done is to rely on a reference monitor, a single point of very high assurance security that is: tamperproof, small enough to be verified, and comprehensive. A single point of very high assurance security is much better than many low assurance mechanisms.
As a minimum, security should never be controlled in a nonhierarchical manner (that is, any application being responsible for its own security).
catch