#1
  1. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Feb 2001
    Location
    USA
    Posts
    830
    Rep Power
    14

    Website user authentication


    I'd like to hear about people's experience and get their recommendations on how I should perform user authentication for a site I am developing.

    I have developed several sites with password-protected areas that require the user to log in with username and password. My script (PHP or ColdFusion) then queries a database to verify that a valid username-password pair was entered. If so, a cookie is sent to the client and the presence of the cookie is then verified before sending access-restricted content to the browser.

    That seems to work fairly well. I'm sure it's not all that secure, but I'm not trying to protect credit card numbers or anything like that either.

    My main question is if you think I should continue using that system or if HTTP Basic Authentication would be better. I'd like to hear about people's experience with Basic Auth, how difficult it is to implement, etc.

    Thanks in advance.
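
An added example, not part of the original post: the cookie step described above, with the cookie's authenticity and expiry verified rather than only its presence, because a client can send any cookie it likes. It is written in Python so it can be run as-is; the key, lifetime and function names are assumptions, and the same logic ports to PHP with `hash_hmac()` and `hash_equals()`.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Assumption: a secret kept only on the server (constructed sample value).
SECRET_KEY = b"constructed-demo-key-change-me"
SESSION_LIFETIME = 1800  # assumed policy: a login stays valid for 30 minutes


def _sign(payload: bytes) -> str:
    """HMAC-SHA256 over the cookie payload, hex encoded."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def issue_cookie(username: str, now: Optional[int] = None) -> str:
    """Cookie value to send once the username/password pair has been verified."""
    issued = int(time.time()) if now is None else now
    payload = f"{username}|{issued + SESSION_LIFETIME}".encode()
    token = base64.urlsafe_b64encode(payload).decode()
    return f"{token}.{_sign(payload)}"


def verify_cookie(value: Optional[str], now: Optional[int] = None) -> Optional[str]:
    """Return the username if the cookie is authentic and unexpired, else None."""
    if not value or value.count(".") != 1:
        return None  # missing or malformed: treat as not logged in
    token, mac = value.split(".")
    try:
        payload = base64.urlsafe_b64decode(token.encode())
        username, expires_text = payload.decode().rsplit("|", 1)
        expires = int(expires_text)
        supplied, expected = mac.encode(), _sign(payload).encode()
    except ValueError:  # bad base64, bad UTF-8, no separator, non-numeric expiry
        return None
    # Constant-time comparison, so the check does not leak how much of the MAC matched.
    if not hmac.compare_digest(supplied, expected):
        return None
    current = int(time.time()) if now is None else now
    if current >= expires:
        return None
    return username
```

A valid cookie can still be replayed until it expires if it is captured in transit, so it should only be sent over SSL.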
  2. #2
  3. Contributing User
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Oct 2000
    Location
    Back in the real world.
    Posts
    5,966
    Rep Power
    190
    http basic auth is just as secure as a good php script. but it prevents you from errors in your php scripts, since it is executed before your script.
    if you are dealing with cc-numbers, you should definitely use SSL!

    http basic auth is quite easy to implement. but talking about security, there is no way around encryption especially when transmitting credit card info. to be honest, i don't think it is possible to secure credit cards at all.
    where i live (germany), credit card companies have to take the responsibility for the security, so this is no issue here. but law forces you to use SSL.
