On Wednesday 14 November 2001 14:58, you wrote:
I think mixing of the web application's and the host's operating 
system's authantication is not the best thing (if you don't exactly 
need that)

The $isLogged variable that is stored in the session is perfect as 
long as you check that it is came from the session 
($HTTP_SESSION_VARS) and you know that no one can access and write 
into your session files (open_basedir, and safe_mode in php.ini).


> so set an md5() of each user name as "yes".
> islogged=Ehyfoa74a23gfd
> or whatever is good i think. but sessions are the most secure way,
> so think about both (sessions and cookies) and decide what you
> really need.
> you have linux?
> you could make an .htaccess, and make real users with no bash, and
> let them login with real usernames and passwords.
> windows?
> on win2k you could do this too. but be shure to not grant access to
> local hd's. major security risk...
> "Stefan Rusterholz" <[EMAIL PROTECTED]> schrieb im
> Newsbeitrag 009f01c16d13$bfd6b4d0$3c01a8c0@quasimodo">news:009f01c16d13$bfd6b4d0$3c01a8c0@quasimodo...
> > I don't think this is a secure method.
> > If I do only a little effort an find out, that it's this variable
> $islogged

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to