[PHP] Secure User Auth
Hi I have a web site that needs a secure login system. Users of the system can SSH in to the server, and POP, IMAP, Postgres and other services are provided, and I'd like the users to be able to log in to the site - obviously as securely as possible. Maybe using SSL + sessions? I have not used SSL or HTTPS before, and certainly not with PHP. Can anyone give me any suggestions? Thanks --jaa -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure User Auth
Well it depends what you want to do, Do they need to just get into the app or do they need to have different access levels? If they dont need access levels just use htaccess that should work out fine. -=Adam=- Quoting James Arthur [EMAIL PROTECTED]: Hi I have a web site that needs a secure login system. Users of the system can SSH in to the server, and POP, IMAP, Postgres and other services are provided, and I'd like the users to be able to log in to the site - obviously as securely as possible. Maybe using SSL + sessions? I have not used SSL or HTTPS before, and certainly not with PHP. Can anyone give me any suggestions? Thanks --jaa -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php - http://www.2ghz.net/ Welcome To the Future -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure User Auth
It wont matter if it is sent in clear text because at that point you are over https/SSL. The entire stream is encrypted. I understand the need for using the existing system. I think LDAP does look like a good way to go. -=Adam=- Quoting James Arthur [EMAIL PROTECTED]: On Sunday 03 Feb 2002 17:43, Viper wrote: Well it depends what you want to do, Do they need to just get into the app or do they need to have different access levels? If they dont need access levels just use htaccess that should work out fine. htaccess isn't secure enough, since it sends the password in plain text to the server. Besides, the users already have accounts on the server, so it would make more sense to authenticate against an existing system, like IMAP/POP3. Doing that's easy enough, and also has the side effect that when they log in it tells them whether they have new mail or not. The problem is finding a way to enter login details that does not send the password across the internet in plain text mode. The only way seems to use SSL, but I don't know how to implement it. --jaa -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php - http://www.2ghz.net/ Welcome To the Future -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php