Web application security is often an afterthought. You start with the best of intentions — building a quick prototype which allows your users to get a feel for how the application might work. But the next thing you know, they’re using it regularly and you’ve invested quite a bit of time and effort in the former prototype.
Not long after that, you realize you need to decide how to limit access to all or part of the application and do it without a major development effort. Luckily, PHP makes it easy to put an initial layer of security on your application. In this month’s column, we’ll look at what’s involved in simple user authentication so that you can keep out those users who shouldn’t be allowed in.
.htaccess Again

Before diving into PHP, it’s worth noting that you don’t need to add any code to your application. Apache knows how to validate usernames and passwords against a simple password file. In much the same way as we could enable PHP on a per-directory basis (last month), by adding a few lines to a .htaccess file, you can set up basic security for your application. In fact, you can even lump users into groups and allow (or disallow) them by their group names.
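Here is what those "few lines" look like in practice. This is an added example, not a file from the column; the file paths, the realm name and the group name are assumptions chosen for illustration.

```apache
# Added example: per-directory Basic Authentication for an Apache-served
# PHP application, driven by a password file and an optional group file.
# Paths, realm name and group name below are assumptions; adjust to your layout.
AuthType Basic
AuthName "Prototype Application"

# Password file managed with the htpasswd utility, e.g. (run once, -c creates it):
#   htpasswd -c /etc/apache2/app.htpasswd alice
# Keep this file outside the document root so it can never be served to a browser.
AuthUserFile /etc/apache2/app.htpasswd

# Optional group file; one group per line, e.g. "admins: alice bob"
AuthGroupFile /etc/apache2/app.htgroup

# Pick one Require line. The first admits any user listed in the password file;
# the second restricts this directory to members of the "admins" group.
#Require valid-user
Require group admins
```

Apache only honours authentication directives in a .htaccess file if the enclosing directory has `AllowOverride AuthConfig` (or `All`) in the server configuration; if the file seems to be ignored, check that first. Because Basic Authentication sends the username and password with every request, serve the protected directory over HTTPS.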
Basic Authentication
The most basic form of Web-based user authentication is known as Basic Authentication. This is an amazingly simple and very old protocol (well, in Web years, anyway)…