Security question

Evil Phil

I've posted it on the webmaster board here

Ronin

Hmm, it's one of various method's you can use and its as secure as u want it to be..i mean if someone else has access to the directory you place ut .htpasswd file in then they can just read it and get the details, but if you've the encrypted passwd in there that's what they'll see and then will have to crack that to get to the actual password. If you can lock down those who can get access to the .htpasswd file physically then chances of getting the passwd's goes down considerably.

Most people using virtual hosting have no choice but to use it. And it generally does the job. Plus you can also use the .htaccess file to restrict off access to certain ip's etc and do some other funky stuff to get around things that server admins might turn off

But generally .htaccess is a pretty decent way to auth users. Although writing something into your code to auth the users would be somewhat better, chances are you'll be restricted to a flat text file to hold the details, unless you've access to some db, in which cause you might as well just use .htaccess.

/me hopes that make sence..

Ro

Evil Phil

makes sense to me. Thanks Ro.

Ronin

You also need to think about the access you have to the server as well.

If its your own server you can do what you will, if not you need to find out how restricted you are. Different isp/hosting companies allow you do different things, so the .htaccess might be all your left with..

And as ecksor says you have to think about what ways people will be inputing the data..

Just think about how sensitive the info is, and if you can lock it down to only allowing certain ip's to auth sucessfully.

Ro

ecksor

Originally posted by Ronin
And as ecksor says you have to think about what ways people will be inputing the data..

Did I say that? I meant to, if I didn't

Anyway, I'll lock this and let the thread continue on the web board, amp can move it here if he wants, but best to keep it in one coherent place I think.