July 17th, 2000, 10:31 AM
I want to provide users access to their files on our server via the web. I would like to do this in some way that doesn't open the server up to all sorts of security holes (encryption isn't reallt an issue since we're using SSL).
So far, I have looked at Apache basic authentication via .htpasswd and PHP_AUTH_*. These do not seem to do what I want them to.
I am still using PHP3, so I havn't yet looked at PHP Session Management. Would this do the trick? Thank you for your help
July 17th, 2000, 10:36 AM
There is really only one other way that I've found that makes this feasible and efficient.
It involves two parts.
1. Switch to PHP4, period. This eliminates bugs and security holes your code may generate.
2. Use a database to store the username passwords in. Make sure you set the database to encrypt the passwords so in case anyone does get access to the db then they can't read the passwords.
Also, instead of storing passwords, you can just store the MD5 hash that gets sent when you encrypt something with PHP. Then it would only check the hash against what the db has and then you aren't actually storing the passwords.
Hope this helps.