On Wednesday 14 November 2001 14:58, you wrote:

I think mixing of the web application's and the host's operating system's authentication is not the best thing (if you don't exactly need that).

The $isLogged variable that is stored in the session is perfect as long as you check that it came from the session ($HTTP_SESSION_VARS) and you know that no one can access and write into your session files (open_basedir and safe_mode in php.ini).

Arpi

> so set an md5() of each user name as "yes".
> islogged=Ehyfoa74a23gfd
> or whatever is good i think. but sessions are the most secure way,
> so think about both (sessions and cookies) and decide what you
> really need.
>
> you have linux?
> you could make an .htaccess, and make real users with no bash, and
> let them login with real usernames and passwords.
>
> windows?
> on win2k you could do this too. but be sure to not grant access to
> local hd's. major security risk...
>
> "Stefan Rusterholz" <[EMAIL PROTECTED]> wrote in
> message news:009f01c16d13$bfd6b4d0$3c01a8c0@quasimodo...
>
> > I don't think this is a secure method.
> > If I do only a little effort and find out, that it's this variable
> > $islogged
>
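An added example, not part of the original thread: a simplified model of why the reply insists that the login flag be read from the session array and not from a bare variable. The function names, the model of register_globals and the sample requests are all assumptions constructed for illustration.

```php
<?php
// Added example: a simplified model of register_globals, not code from the thread.
// All function names and sample values are constructed for illustration.

/**
 * Model of the variable scope a script saw with register_globals on:
 * request parameters become variables, then registered session variables
 * are restored on top. A name absent from the session keeps the request value.
 */
function globals_as_seen_by_script(array $request, array $session): array
{
    return array_merge($request, $session);
}

/** Weak check: trusts a bare variable whose origin is unknown. */
function is_logged_weak(array $request, array $session): bool
{
    $scope = globals_as_seen_by_script($request, $session);
    return !empty($scope['isLogged']);
}

/** Check described in the reply: read the flag only from the session array. */
function is_logged_from_session(array $session): bool
{
    return isset($session['isLogged']) && $session['isLogged'] === true;
}

// Constructed cases: [description, request parameters, session contents]
$cases = [
    ['logged-in user',             [],                  ['isLogged' => true]],
    ['anonymous, clean request',   [],                  []],
    ['anonymous, isLogged in URL', ['isLogged' => '1'], []],
];

foreach ($cases as [$label, $request, $session]) {
    printf(
        "%-28s weak=%-5s session-only=%s\n",
        $label,
        var_export(is_logged_weak($request, $session), true),
        var_export(is_logged_from_session($session), true)
    );
}
```

In a live script the session argument would be $HTTP_SESSION_VARS (or $_SESSION in later PHP versions); the session-only check is only as trustworthy as the session files, which is why the reply also names open_basedir and safe_mode.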