[PHP5] File Base vs. Directory Based Authentication?

  • conradwt@runbox.com

    [PHP5] File Base vs. Directory Based Authentication?

    Hi, I'm looking to implement a login/registration system in PHP5 and
    MySQL. Thus, I have come across a lot of resources and source code to
    perform this task. However, I'm wondering, what's the best method
    (i.e. PHP/MySQL or PHP/MySQL using .htpasswd) from a security standpoint?
    Essentially, I will need to be able to password protect an entire
    directory. Also, a small set of directories will be for admin eyes
    only. BTW, I will have both admin and guest members for this
    membership site. Finally, if you can point me to both source and/or
    white papers, I would be greatly appreciative.

    Thank you,

    -Conrad

  • Chung Leong

    #2
    Re: [PHP5] File Base vs. Directory Based Authentication?

    <conradwt@runbox.com> wrote in message
    news:1105661121.155012.147660@z14g2000cwz.googlegroups.com...
    > Hi, I'm looking to implement a login/registration system in PHP5 and
    > MySQL. Thus, I have come across a lot of resources and source code to
    > perform this task. However, I'm wondering, what's the best method
    > (i.e. PHP/MySQL or PHP/MySQL using .htpasswd) from a security standpoint?
    > Essentially, I will need to be able to password protect an entire
    > directory. Also, a small set of directories will be for admin eyes
    > only. BTW, I will have both admin and guest members for this
    > membership site. Finally, if you can point me to both source and/or
    > white papers, I would be greatly appreciative.

    HTTP authentication is in general more secure than roll-your-own
    PHP+database authentication. The main reason is that you cannot obtain HTTP
    headers through client scripting, whereas cookies and URLs, used by PHP's
    session mechanism, are easily obtainable.

    If you're protecting a bunch of files neatly tucked into a directory, then
    use HTTP digest authentication. Read the Apache manual for more details.
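
A minimal Apache 2.4 configuration for the digest setup recommended in the reply above, covering a members directory with an admin-only subdirectory. This is an added example, not part of the original thread; the paths, realm name, user names and group name are assumptions.

```apache
# Added example. Assumes Apache 2.4 with mod_auth_digest, mod_authn_file,
# mod_authz_user and mod_authz_groupfile loaded. All paths, the realm
# "Members", the users and the group "admin" are hypothetical.
#
# Create the credential file once (htdigest prompts for each password):
#   htdigest -c /etc/apache2/members.htdigest "Members" alice
#   htdigest    /etc/apache2/members.htdigest "Members" guest1
#
# Group file /etc/apache2/members.groups, one line per group:
#   admin: alice
#
# Keep both files outside the document root so they can never be served.

# Every authenticated member (admin or guest) may read this directory.
<Directory "/var/www/site/members">
    AuthType Digest
    # AuthName is the digest realm; it must match the realm passed to
    # htdigest, because the stored hash covers user:realm:password.
    AuthName "Members"
    AuthDigestProvider file
    AuthUserFile "/etc/apache2/members.htdigest"
    # URI prefixes that belong to the same protection space.
    AuthDigestDomain "/members/"
    Require valid-user
</Directory>

# Admin-only subdirectory. It inherits the authentication settings above;
# with the default AuthMerging Off, this Require replaces the parent's
# "Require valid-user" instead of being combined with it.
<Directory "/var/www/site/members/admin">
    AuthGroupFile "/etc/apache2/members.groups"
    Require group admin
</Directory>

# Digest keeps the password itself off the wire, but the pages are still
# sent in clear text unless the virtual host is also served over TLS.
```

A request to `/members/` with a guest account should succeed, while the same account should receive 401 for `/members/admin/`.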

