What is the most secure way to password protect admin files/folders?

I'm on Apache/PHP.

+5  A: 

The most secure way is to keep it off the internet altogether ;-)

But irony aside, I'd suggest using .htaccess. Simple and requires no programming effort from you.

http://www.htpasswdgenerator.com/apache/htaccess.html#8

nikc
Is $_SERVER['PHP_AUTH_DIGEST'] equally secure or less secure than a direct .htaccess file?
YuriKolovsky
Well, it is possible to do with PHP what Apache does, but there are circumstances in which it will not work, e.g. when PHP is run as CGI and not a module. See: http://www.phpro.org/manual/features.http-auth.html
nikc
Oh, very interesting, thanks for the detail.
YuriKolovsky
You're most welcome.
nikc
A: 

Create a .htaccess and .htpasswd with one of the 10000 .htaccess generators out there and use the htpasswd included in most distros to add users to the .htpasswd.

dbemerlin
+2  A: 

An alternative to the htaccess method is to put the files that should be protected outside the web-root - somewhere where a typical HTTP request can't reach them - and have PHP relay them back to the client as needed.

This is useful in situations where you need more control over the process than Apache gives you. Like, say: if you wanted to integrate this with your PHP application's member functionality; allowing members that have already logged in access to the files while denying access to others.

Atli
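
A sketch of the relay approach described in the answer above, added here as an example and not code posted by any of the answerers. The directory path, the `user_id` session key and the `file` query parameter are assumptions; substitute whatever your own login code and layout use.

```php
<?php
// Added example: serve files stored outside the web root to logged-in members only.
// Assumed names (not from the thread): PROTECTED_DIR, $_SESSION['user_id'], ?file=
declare(strict_types=1);

const PROTECTED_DIR = '/var/www/protected'; // hypothetical path outside DocumentRoot

/**
 * Map a client-supplied name to a real file inside $baseDir.
 * Returns null for anything that escapes the directory or is not a readable file.
 */
function resolveProtectedFile(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../" segments and follows symlinks, so the prefix
    // check below is made against the location that would actually be read.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return (is_file($path) && is_readable($path)) ? $path : null;
}

// Authorization comes first: only members who have already logged in get further.
session_start();
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Forbidden');
}

$requested = $_GET['file'] ?? '';
$path = is_string($requested) ? resolveProtectedFile(PROTECTED_DIR, $requested) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

// Send as a download with a fixed type so the browser does not sniff or render it.
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The script itself lives inside the web root; only the files it serves are kept outside it, so a direct URL to a protected file never resolves.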