#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Location
    Ottawa, ON, Canada
    Posts
    1
    Rep Power
    0
    I want to provide users access to their files on our server via the web. I would like to do this in some way that doesn't open the server up to all sorts of security holes (encryption isn't reallt an issue since we're using SSL).

    So far, I have looked at Apache basic authentication via .htpasswd and PHP_AUTH_*. These do not seem to do what I want them to.

    I am still using PHP3, so I havn't yet looked at PHP Session Management. Would this do the trick? Thank you for your help
  2. #2
  3. No Profile Picture
    Dave Bryant
    Guest
    Devshed Newbie (0 - 499 posts)
    There is really only one other way that I've found that makes this feasible and efficient.

    It involves two parts.

    1. Switch to PHP4, period. This eliminates bugs and security holes your code may generate.

    2. Use a database to store the username passwords in. Make sure you set the database to encrypt the passwords so in case anyone does get access to the db then they can't read the passwords.

    Also, instead of storing passwords, you can just store the MD5 hash that gets sent when you encrypt something with PHP. Then it would only check the hash against what the db has and then you aren't actually storing the passwords.

    Hope this helps.

    ------------------
    --Dave Bryant
    dbryant@jump.net
    dbryant@waterloobay.com

Similar Threads

  1. Replies: 2
    Last Post: August 18th, 2004, 11:45 PM
  2. Replies: 4
    Last Post: January 28th, 2004, 09:29 AM
  3. PHP with UnixODBC
    By coder4hire in forum PHP Development
    Replies: 2
    Last Post: January 20th, 2004, 02:14 PM
  4. Passing string from PHP to Javascript
    By ka8oad in forum JavaScript Development
    Replies: 4
    Last Post: January 17th, 2004, 04:12 PM
  5. UnixODBC + PHP + Apache + Empress
    By coder4hire in forum Database Management
    Replies: 0
    Last Post: January 15th, 2004, 02:41 PM

IMN logo majestic logo threadwatch logo seochat tools logo