
Thread: Creating .htaccess files

  1. #11
    Junior Member
    Join Date
    Apr 2004
    Posts
    2
    Can you all help me to create a .htaccess file and .htpasswd file?

  2. #12
    Banned
    Join Date
    May 2003
    Posts
    1,004
    .htpasswd is an inferior method of providing access controls for websites. If the web service software is compromised so are all the .htaccess protected directories. Better off using the operating system access controls (though Apache doesn't provide simple authentication pass through) or securing the material in a database.

    Either way the data is not released by an application level bug in the web service.

    catch

  3. #13
    Junior Member
    Join Date
    Apr 2004
    Posts
    2
    Can anyone create user authentication with PHP and give me the code? And how do you create a username and password using PHP?

  4. #14
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    718
    Originally posted here by catch
    .htpasswd is an inferior method of providing access controls for websites. If the web service software is compromised so are all the .htaccess protected directories. Better off using the operating system access controls (though Apache doesn't provide simple authentication pass through) or securing the material in a database.

    Either way the data is not released by an application level bug in the web service.

    catch

    Greetings Calvin.


    Catch is correct, although "Inferior" is an arrogant way to state it. He knows his Shiznit.

    There is nothing wrong with research however, and a great deal can be learned from the "Old School"......"Obsolete". Crapola!


    http://www.zend.com/zend/tut/authentication.php

    Remember it all seems like crap two months later!
    Get some good religion from Bad Religion.

  5. #15
    Banned
    Join Date
    May 2003
    Posts
    1,004
    "Inferior" is not an arrogant way to say it at all, it is an accurate way to say that .htaccess is "lower in quality."

    Good security is mathematically sound and never goes obsolete, this is why nearly all (good) current security principles date back to the 60's and 70's. Things like .htaccess were never good, not even when new, as it is based on a flawed concept (allowing applications to control their own security).

    catch

  6. #16
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    IMO, a layered approach is best so that if there is a failure by one piece of software, it can be stopped by another. To use any one method to secure a system is to place all your eggs in one basket, and is a silly concept. You may want to look at using a combination of such methods in tandem.

    If you rely on the operating system's access control software, database software, or the web application (PHP/ASP/CGI, etc.) that utilizes the database, those are all also potential holes. Instead of guaranteeing access and relying on only those things to do all the prevention, what does another level of prevention cost? A few minutes of your time. It seems worth it to me.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  7. #17
    Banned
    Join Date
    May 2003
    Posts
    1,004
    The problem with layered security is that it is VERY rarely implemented correctly, so in fact it is not actually layered. That is, many types of security not dependent on each other, so if any one fails, the system is compromised. In that case you are merely creating additional surface area to attack. Really what needs to be done is to rely on a reference monitor, a single point of very high assurance security that is: tamperproof, small enough to be verified, and comprehensive. A single point of very high assurance security is much better than many low assurance mechanisms.

    As a minimum, security should never be controlled in a nonhierarchical manner (that is, any application being responsible for its own security).

    catch
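
A minimal sketch of the contrast drawn in posts #15 and #17, added here as an illustration and not posted by any thread participant: handlers that police themselves versus handlers that can reach the data only through one default-deny mediation point. All users, documents and function names are constructed, and a Python class can show complete mediation and small size but is not tamperproof in the sense the post requires.

```python
# Added illustration; users, documents and policy below are constructed.
class ReferenceMonitor:
    """Sole holder of the protected objects: every access is decided here."""
    def __init__(self, rules, objects):
        self._rules = frozenset(rules)   # policy fixed at construction
        self._objects = dict(objects)    # private copy; handlers never see it
        self.audit = []                  # one entry per decision, allow or deny

    def access(self, subject, action, name):
        allowed = any(
            s == subject and a == action and name.startswith(prefix)
            for s, a, prefix in self._rules
        )  # no matching rule means deny
        self.audit.append((subject, action, name, allowed))
        if not allowed:
            raise PermissionError(f"{subject} may not {action} {name}")
        return self._objects[name]

DOCS = {"members/report.txt": "quarterly numbers", "public/index.txt": "welcome"}

# Self-policing application: each handler must remember its own check.
def app_download(user, name):
    if name.startswith("members/") and user != "alice":
        raise PermissionError(name)
    return DOCS[name]

def app_preview(user, name):
    return DOCS[name][:9]  # handler added later; the check was forgotten

# Mediated application: handlers hold no data, only a monitor reference.
RULES = [("alice", "read", "members/"), ("alice", "read", "public/"),
         ("guest", "read", "public/")]
MONITOR = ReferenceMonitor(RULES, DOCS)

def mediated_download(user, name):
    return MONITOR.access(user, "read", name)

def mediated_preview(user, name):
    return MONITOR.access(user, "read", name)[:9]

def denied(handler, user, name):
    """Return True if the handler refuses the request."""
    try:
        handler(user, name)
    except PermissionError:
        return True
    return False
```

The forgotten check in `app_preview` releases the members-only document to `guest`, while both mediated handlers refuse because neither can read anything without a decision from the monitor.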
