From: | Jason k Larson <jlarson(at)harrison(dot)org> |
---|---|
To: | PgSQL-PHP <pgsql-php(at)postgresql(dot)org> |
Subject: | Re: HTTP authentication |
Date: | 2001-04-27 18:46:13 |
Message-ID: | 2961768953.20010427124613@harrison.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-php |
This is all good but needs to be dealing with the password as a
hash/digest not the real clear text password. I would use SHA1
(SHA-160) or MD5.
Jason k Larson
Web Developer++
AL> The way i do it is have a separate table in the database that keeps track of
AL> users and passwords for the application.
AL> I use the WWW-Authenticate header to get $PHP_AUTH_USER and $PHP_AUTH_PW
AL> I run them through the table using a select query. If I come back with a
AL> match, I set a variable, $auth, equal to true.
AL> If $auth is equal to true, they can perform whatever functions in the page I
AL> have.
AL> I don't have a log out button, but all I would probably do would be set
AL> $auth = false and unset the $PHP... variables.
AL> Adam Lang
AL> Systems Engineer
AL> Rutgers Casualty Insurance Company
AL> http://www.rutgersinsurance.com
AL> ----- Original Message -----
AL> From: "Christian Marschalek" <cm(at)chello(dot)at>
AL> To: "'Adam Lang'" <aalang(at)rutgersinsurance(dot)com>
AL> Cc: "[PHP] PostgreSQL" <pgsql-php(at)postgresql(dot)org>
AL> Sent: Friday, April 27, 2001 11:43 AM
AL> Subject: RE: [PHP] HTTP authentication
From | Date | Subject | |
---|---|---|---|
Next Message | Adam Lang | 2001-04-27 19:26:25 | Re: HTTP authentication |
Previous Message | Jason k Larson | 2001-04-27 18:45:18 | RE: HTTP authentication |