Geek Answers Handbook

Login page against htpasswd - which is more secure?

Given a simple login system (registration and login), which of the two options is more secure:

  • Using htaccess and htpasswd files to store and authenticate users
  • Using php for CRUD and MySQL (or any other database) to store information

User information consists solely of the username password.

Of course, the best option is assumed for both options: MySQL attachments are taken into account, the password is md5 / sha1 / md5 + sha1 / any other means are encrypted, etc.

If you're interested, in the first case php will add user credentials to the htpasswd file. (see this question for an example implementation.)

+5
source share
2 answers

I would always talk about the login form (with which I assume that you mean standard session-based authentication).

  • .htaccess authentication sends a password for each request (of course, SSL will help here)

  • .htaccess default authentication in Apache

    has no speed limit /

  • Exit .htaccessAuthentication - Bitch

+12
source

There are almost no differences in the two aspects of safety. but all the problems of Pekka. If you just want to use HTTP Basic Auth (i.e. Popup) as opposed to the login form, you can do this via PHP. if you are looking $_SERVER['PHP_AUTH_USER'], and if you do not find it, send the answer 401, for example:

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
            header('WWW-Authenticate: Basic realm="MY REALM"');
            header('HTTP/1.0 401 Unauthorized');
            echo 'Please Contact us if you are having problems logging in';
            exit;
    } else {
            //not their first time through
            //check their username and password here
            $username = trim($_SERVER['PHP_AUTH_USER']);
            $password = trim($_SERVER['PHP_AUTH_PW']);
            //do login
    }

/ . , , .

+5

More articles:


All Articles