[nycphp-talk] NEW PHundamentals Question - HTTP Authentication
George Schlossnagle
george at omniti.com
Sat Oct 23 21:48:35 EDT 2004
On Oct 23, 2004, at 9:15 PM, Ophir Prusak wrote:
> I meant secure as in if you leave it up to the web server to ask for
> user/pass (and not directly in your PHP) then the code in apache that
> does the authentication is probably pretty good.
>
> If on the other hand you're just using a normal form for the user and
> password, there are probably more ways a hacker could get around it,
> especially for beginning programmers.
>
> Regarding sniffing the user/pass, in both cases it's clear text unless
> you use SSL.
You can use digest auth; that doesn't involve transmitting your
password, just a hash of it.
George