Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Security question

  • 15-01-2002 9:45am
    #1
    Evil Phil
    Registered Users, Registered Users 2 Posts: 7,468 ✭✭✭


    I've posted it on the webmaster board here


Comments

  • #2
    Ronin
    Registered Users, Registered Users 2 Posts: 521 ✭✭✭Ronin


    Hmm, it's one of various method's you can use and its as secure as u want it to be..i mean if someone else has access to the directory you place ut .htpasswd file in then they can just read it and get the details, but if you've the encrypted passwd in there that's what they'll see and then will have to crack that to get to the actual password. If you can lock down those who can get access to the .htpasswd file physically then chances of getting the passwd's goes down considerably.

    Most people using virtual hosting have no choice but to use it. And it generally does the job. Plus you can also use the .htaccess file to restrict off access to certain ip's etc and do some other funky stuff to get around things that server admins might turn off

    But generally .htaccess is a pretty decent way to auth users. Although writing something into your code to auth the users would be somewhat better, chances are you'll be restricted to a flat text file to hold the details, unless you've access to some db, in which cause you might as well just use .htaccess.

    /me hopes that make sence..

    Ro


  • #3
    Evil Phil
    Registered Users, Registered Users 2 Posts: 7,468 ✭✭✭Evil Phil


    makes sense to me. Thanks Ro.


  • #4
    Ronin
    Registered Users, Registered Users 2 Posts: 521 ✭✭✭Ronin


    You also need to think about the access you have to the server as well.

    If its your own server you can do what you will, if not you need to find out how restricted you are. Different isp/hosting companies allow you do different things, so the .htaccess might be all your left with..

    And as ecksor says you have to think about what ways people will be inputing the data..

    Just think about how sensitive the info is, and if you can lock it down to only allowing certain ip's to auth sucessfully.

    Ro


  • #5
    ecksor
    Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Originally posted by Ronin
    And as ecksor says you have to think about what ways people will be inputing the data..

    Did I say that? I meant to, if I didn't :)

    Anyway, I'll lock this and let the thread continue on the web board, amp can move it here if he wants, but best to keep it in one coherent place I think.


This discussion has been closed.
Advertisement