[nycphp-talk] NEW PHundamentals Question - HTTP Authentication

csnyder chsnyder at gmail.com
Sun Oct 24 14:02:15 EDT 2004


On Sun, 24 Oct 2004 10:42:00 -0700 (PDT), Chris Shiflett
<shiflett at php.net> wrote:
> I think it's a good feature, although I rarely ever use it myself. Here
> are a few reasons...

Yeah, but the reasons you gave mostly apply to using HTTP
Authentication via Apache directives.

I thought that the issue here is HTTP Authentication implemented via
PHP header() functions, which is listed as a "feature" of PHP in the
manual:
http://www.php.net/manual/en/features.http-auth.php

In that case:

1. You are only protecting scripts that implement authentication, not
the static contents of directories
2. It *is* quick and easy.
3. If you also implement authentication in httpd.conf, you'll have to
use exactly the same password database in your PHP scripts
4. The access control is implemented by you -- possibly not as secure
or well-tested as Apache's.
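
The following is an added example, not part of the original message: a PHP script that performs HTTP Basic authentication itself with header() and checks credentials against the same htpasswd file Apache would use, which is the situation points 3 and 4 describe. The file path and realm are hypothetical, and the file is assumed to contain bcrypt entries created with `htpasswd -B`.

```php
<?php
// Assumptions (hypothetical values): path of the shared htpasswd file and realm.
const HTPASSWD_FILE = '/etc/apache2/example.htpasswd';
const REALM = 'Example realm';

// Parse "user:hash" lines into an array keyed by user name.
function load_htpasswd(string $path): array
{
    $users = [];
    $lines = @file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    foreach ($lines ?: [] as $line) {
        if ($line[0] === '#' || strpos($line, ':') === false) {
            continue; // skip comments and malformed lines
        }
        [$user, $hash] = explode(':', $line, 2);
        $users[$user] = trim($hash);
    }
    return $users;
}

// True only when the user exists and the supplied password matches its hash.
// Entries that are not bcrypt (for example $apr1$) never verify: fail closed.
function credentials_ok(array $users, ?string $user, ?string $pass): bool
{
    if ($user === null || $pass === null) {
        return false;
    }
    // Unknown users are checked against a dummy bcrypt hash so that the
    // response time does not reveal which user names exist.
    $dummy = '$2y$10$' . str_repeat('.', 53);
    $known = isset($users[$user]);
    $match = password_verify($pass, $known ? $users[$user] : $dummy);
    return $known && $match;
}

// PHP fills these from the Authorization header of a Basic auth request.
$user = $_SERVER['PHP_AUTH_USER'] ?? null;
$pass = $_SERVER['PHP_AUTH_PW'] ?? null;

if (!credentials_ok(load_htpasswd(HTPASSWD_FILE), $user, $pass)) {
    // Missing or wrong credentials: ask the browser to prompt and stop here.
    http_response_code(401);
    header('WWW-Authenticate: Basic realm="' . REALM . '"');
    exit('Authentication required.');
}

// Only this script is protected; static files in the directory are not.
echo 'Hello, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

Basic authentication sends the password with every request, so a script like this belongs behind HTTPS.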


