> -----Original Message-----
> From: Stefen Lars [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 07, 2001 3:03 AM
> Subject: [PHP] Insecurity with PHP authorization
> I do realize that if I were to place a .htaccess file in the 
> root of the intranet server, I could prevent the above from
> happening, but then I lose the advantage of having the user's
> profile in a database, where a user can easily change her
> password. Allowing a web user to edit a password in the
> .htaccess file poses more problems than it solves, especially
> as it certainly could occur that more than one person wants to
> edit his password simultaneously.

If you control the server, have you considered something along the lines
of mod_auth_mysql (which would allow you to place a .htaccess file that
authenticates using the information stored in your mysql database)?
I've used it on a few projects here with good results.

You can pick up a copy from the "contrib" downloads at mysql.com.

Mark Roedel ([EMAIL PROTECTED]) | "There cannot be a crisis next week.
Systems Programmer / WebMaster |  My schedule is already full."
     LeTourneau University     |                   -- Henry Kissinger 

PHP General Mailing List (http://www.php.net/)