AdRock Posted August 24, 2006 Share Posted August 24, 2006 I have an admin area for my site where I can add, edit and delete items from the database and I'm currently using htaccess to protect it.If i used sessions and only allowed access to the directory if the user level was set high enough (set in the session) would it be easy for someone to gain access who knew how to hack it?I am trying to find a good way for me to get into the admin directory without having to manually type the url in the browser. I could create myself a login with the appropiate rights for access to the directory.Any ideas? ??? Quote Link to comment https://forums.phpfreaks.com/topic/18599-sessions-or-htaccess-to-protect-admin-area/ Share on other sites More sharing options...
jvalarta Posted August 25, 2006 Share Posted August 25, 2006 Well, the .htaccess security is a great way to go. If this is a pain, you could build a login/password system with php and to authenticate, you could use a session, and to ensure it's security, use $_SESSION['var'] vs $_POST or $_GET which could be easily fooled.Im no expert, but in my experience, securing a directory with apache (via .htaccess) is a pretty safe way to go. Quote Link to comment https://forums.phpfreaks.com/topic/18599-sessions-or-htaccess-to-protect-admin-area/#findComment-80144 Share on other sites More sharing options...
mojito Posted January 18, 2007 Share Posted January 18, 2007 But can I take the htaccess login data and create a session from that, so I can always know WHO is authenticated? Quote Link to comment https://forums.phpfreaks.com/topic/18599-sessions-or-htaccess-to-protect-admin-area/#findComment-163564 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.