[nycphp-talk] NEW PHundamentals Question - HTTP Authentication
David Mintz
dmintz at davidmintz.org
Fri Oct 22 17:49:23 EDT 2004
<<When is it a good time (and bad time) to use HTTP Authentication?>>
I would say:
(1) Plain old http authentication, using a flat file for password storage,
is ok if you don't expect much traffic and/or if you're file is small.
Otherwise, it's too inefficient for Apache to scan that whole thing on
every request.
(2) Plain old http authentication is ok if aesthetics and fashion are not
a big concern, because the generic popup window that prompts for
username/password is not particularly exciting to look at.
(3) If what's at state is truly sensitive and a security breech would be
catastrophic, use SSL regardless of the authentication method.
---
David Mintz
http://davidmintz.org/
"Anybody else got a problem with Webistics?" -- Sopranos 24:17
More information about the talk
mailing list