[ale] Web Login
David Corbin
dcorbin at imperitek.com
Tue Feb 12 12:02:51 EST 2002
But that's not a very secure method (unless you're doing https).
Passwords passover the wire encrypted, but decrypting them is very
easy. The requirement "secure" needs more definition:
Are we only talking about idenifying the user once? What about
subseqeuent pages? Secure from snoopers at what level? people that can
access packets anywhere? Man-in-the-middle attacks? Someone who hacks
your web server? Your database server?
I don't mean to make it complicated, but then, it already IS complicated.
Jason Lynn wrote:
> If you're using apache, look into htpasswd for generating password
> files. Then you use a file .htaccess (I think that's right), that
> contains certain directives, in the directory where you want to
> prevent access.
>
>
>> From: "Calvin Harrigan" <charrig at earthlink.net>
>> To: ale at ale.org
>> Subject: [ale] Web Login
>> Date: Wed, 13 Feb 2002 00:02:11 +0800
>> MIME-Version: 1.0
>> X-Originating-IP: 216.91.92.7
>> Received: from [209.195.36.194] by hotmail.com (3.2) with ESMTP id
>> MHotMailBE3287B7009D40043188D1C324C20CD60; Tue, 12 Feb 2002 08:03:04
>> -0800
>> Received: (qmail 25499 invoked by uid 511); 12 Feb 2002 16:02:12 -0000
>> Received: (qmail 25493 invoked by alias); 12 Feb 2002 16:02:12 -0000
>> From ale-return-4349-jason_lynn_ Tue, 12 Feb 2002 08:04:28 -0800
>> Mailing-List: contact ale-help at ale.org; run by ezmlm
>> Precedence: bulk
>> X-No-Archive: yes
>> list-help: <mailto:ale-help at ale.org>
>> list-unsubscribe: <mailto:ale-unsubscribe at ale.org>
>> list-post: <mailto:ale at ale.org>
>> Delivered-To: mailing list ale at ale.org
>> Message-ID: <20020212160211.22055.qmail at earthlink.net>
>> X-Mailer: MIME-tools 5.41 (Entity 5.404)
>> X-Originating-Server: ws2-3.us4.outblaze.com
>>
>> Greetings,
>> I have a question, what would be the best way to implement a secure
>> login to a website. I've seen many solutions/means/ways of doing so
>> on the net but none seem standard or straight forward. I would like
>> to create a web page with a login field and password field with a
>> submit button that calls a script to verify the password and grant
>> access to the web site.
>> I would like a secure/simple method of doing so, any suggestions?
>> Backend languages I can use are php, perl, shell script,c/c++.
>>
>> Thanks...
>> --
>>
>>
>>
>> ---
>> This message has been sent through the ALE general discussion list.
>> See http://www.ale.org/mailing-lists.shtml for more info. Problems
>> should be
>> sent to listmaster at ale dot org.
>>
>
>
>
> _________________________________________________________________
> MSN Photos is the easiest way to share and print your photos:
> http://photos.msn.com/support/worldwide.aspx
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems
> should be sent to listmaster at ale dot org.
>
>
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list