On Wednesday 14 November 2001 14:58, you wrote:
I think mixing of the web application's and the host's operating
system's authantication is not the best thing (if you don't exactly
need that)
The $isLogged variable that is stored in the session is perfect as
long as you check that it is came from the session
($HTTP_SESSION_VARS) and you know that no one can access and write
into your session files (open_basedir, and safe_mode in php.ini).
Arpi
> so set an md5() of each user name as "yes".
> islogged=Ehyfoa74a23gfd
> or whatever is good i think. but sessions are the most secure way,
> so think about both (sessions and cookies) and decide what you
> really need.
>
> you have linux?
> you could make an .htaccess, and make real users with no bash, and
> let them login with real usernames and passwords.
>
> windows?
> on win2k you could do this too. but be shure to not grant access to
> local hd's. major security risk...
>
> "Stefan Rusterholz" <[EMAIL PROTECTED]> schrieb im
> Newsbeitrag 009f01c16d13$bfd6b4d0$3c01a8c0@quasimodo">news:009f01c16d13$bfd6b4d0$3c01a8c0@quasimodo...
>
> > I don't think this is a secure method.
> > If I do only a little effort an find out, that it's this variable
>
> $islogged
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
