> -----Original Message-----
> From: Stefen Lars [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 07, 2001 3:03 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Insecurity with PHP authorization
>
>
> I do realize that if I were to place a .htaccess file in the
> root of the intranet server, I could prevent the above from
> happening, but then I loose the advantage of having the users
> profile in a database, where a user can easily change her
> password. Allowing a web user to edit a password in the
> .htaccess file poses more problems than it solves, especially
> as it certainly could occur that more than one persons wants to
> edit his password simultaneously.
If you control the server, have you considered something along the lines
of mod_auth_mysql (which would allow you to place a .htaccess file that
authenticates using the information stored in your mysql database)?
I've used it on a few projects here with good results.
You can pick up a copy from the "contrib" downloads at mysql.com.
---
Mark Roedel ([EMAIL PROTECTED]) | "There cannot be a crisis next week.
Systems Programmer / WebMaster | My schedule is already full."
LeTourneau University | -- Henry Kissinger
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
