[nycphp-talk] Htaccess and php user account
Justin Dearing
zippy1981 at gmail.com
Mon Dec 1 21:39:48 EST 2008
Can you describe a scenario where php stops working and as a result php would
stop?

Yes, theoretically apache could be reconfigured so it thinks that .php
files are just text files, but if mod_php were to "crash", which generally
brings down the worker thread and fixes itself.

Session variables and a name and crypted password string in the database are
the way to go generally. I could recommend more sophisticated approaches,
such as having php authenticate against LDAP, or the mysql database users
(assuming you restrict database access on a per user level), but if you're
doing shared hosting (no root access), this is probably the best way.

Most php web apps work this way.

On Mon, Dec 1, 2008 at 8:14 PM, Michele Waldman <mmwaldman at nyc.rr.com> wrote:
> I'm trying to set up a user account with htaccess and mysql.
>
> But the shared hosting account doesn't have mod_auth_mysql htaccess module
> installed on the machines and I can't get root access.
>
> How else are folks implementing accounts?
>
> In php?
>
> If so, what's the best general way to implement that. Do you use session
> variables for that?
>
> My primary concern about implementing accounts in php is that php can stop
> running on the server. If that happens, the security becomes non-existent.
> Plus, the php code can be dumped right to the browser.
>
> I'd much rather server level security than in processes that can stop.
>
> Thoughts on account security approaches, please.
>
> Michele
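
The approach described in the reply above (a name and hashed password string in the database, login state held in session variables), as an added example that is not code from the thread. It uses `password_hash()`/`password_verify()`, PHP's current wrapper around `crypt()`. The `users` table, the function names and the in-memory SQLite store standing in for the MySQL database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo store: in-memory SQLite so the example runs offline.
// On shared hosting this would be the MySQL DSN instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function register_user(PDO $db, string $name, string $password): void
{
    // password_hash() salts and hashes; only the resulting string is stored.
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $name, string $password): bool
{
    // Prepared statement: the submitted name never becomes part of the SQL.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false;                 // same answer for unknown user and bad password
    }
    session_regenerate_id(true);      // fresh session id once the user is authenticated
    $_SESSION['user'] = $name;
    return true;
}

function require_login(): string
{
    // Call at the top of every protected page, before any output is sent.
    if (empty($_SESSION['user'])) {
        http_response_code(403);
        exit('Login required');
    }
    return $_SESSION['user'];
}

// Constructed sample account and credentials.
session_start();
register_user($db, 'alice', 'constructed-sample-password');
$rejected = login($db, 'alice', 'wrong-password');
$accepted = login($db, 'alice', 'constructed-sample-password');
var_dump($rejected, $accepted, require_login());
```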