September 21st, 1999, 05:09 PM
If I have around 5000 registered users, when a user wants to log in, what is the best way to handle authorization -1. take username and password input and compare in the user table in mysql or 2. use the good old way .htaccess?
September 21st, 1999, 05:57 PM
I don't know if there is a best way
I PREFER to create users and groups to access certain areas of a site with .htaccess. Then I let php scripting include the login for the mySQL databases. This limits the users in the databse. I have not had a security problem doing it this way (yet).
September 23rd, 1999, 02:35 PM
The only thing to be aware of when using .htaccess for name/password protection:
Apache is NOT very efficient at searching for the name/pw combination. With very large groups you'd probably be better using a form based login and a RDB like MySQL for access verification.
At 5000 users you're probably ok with .htaccess but much more than that...