[nycphp-talk] NEW PHundamentals Question - HTTP Authentication
Ophir Prusak
prusak at gmail.com
Sat Oct 23 09:22:22 EDT 2004
I don't see two of the biggest differences on anyone's list:
1. With HTTP Authentication, you can't easily make pages that are
accessible to both users that are logged in and users that are not
(with different content for each). It's really meant for pages that
you can either view or not. Technically you could do probably do it
using custom 403 (access denied) pages but that sounds messy.
2. HTTP Authentication is probably more secure than anything you'll
ever write yourself. Especially if you implement it at the server
level (.htaccess) you won't have to worry as much about security holes
in your code :)
More information about the talk
mailing list