> like .htaccess? While it seems like a system that makes technical sense,
> I can't think of any major websites that use pop-up boxes for
> authentication. I'm wondering if they are not using this kind of
> system, or if there is a way to use these handlers without the built-in
> pop-up box mechanism.

There are handlers to handle session management, which is a different
thing, but related enough to satisfy your requirements.

> It seems to me that using a regular HTML could provide a better UI if
> it's possible by adding explanatory text, a "forgot your password?"
> link, and so on.

This can be covered by writing a page to handle 403 (authentication)
errors, but you are correct: few major sites use .htaccess authentication.
I'd also mention these sites cater to the lowest denominator, and often
make security mistakes, but that would reveal my bias :)

I tend to approve of .htaccess -- it was designed by people who know
security and authentication systems better than I do.  Anything I recreate
would likely hold hidden flaws.

Nonetheless, you can have an HTML-based login/logout, which sets the
necessary DB/cookie values for a session management module.
(Apache::Session is the one I hear about most, but I haven't used any of
them.)

