given simple login system (register , login), of 2 choices more secure:
- using htaccess , htpasswd files store , authenticate users
- using php crud , mysql (or other database really) store info
user info consists purely of username-password.
of course, best-case assumed both options: mysql injections accounted for, password md5/sha1/md5+sha1/any other means encrypted, etc.
in case you're wondering, in first case, php add user credentials htpasswd file. (see this question example implementation.)
i'd login form (by assume mean standard session-based authentication).
.htaccessauthentication transmits password on every request (of course, ssl here).htaccessauthentication doesn't have rate limiting / brute-force protection default in apachelogging out
.htaccessauthentication is bitch
Comments
Post a Comment