Sessions or .htaccess to protect admin area


2 replies to this topic

#1 AdRock


Posted 24 August 2006 - 11:51 PM

I have an admin area for my site where I can add, edit and delete items from the database and I'm currently using htaccess to protect it.

If I used sessions and only allowed access to the directory if the user level was set high enough (set in the session) would it be easy for someone to gain access who knew how to hack it?

I am trying to find a good way for me to get into the admin directory without having to manually type the URL in the browser. I could create myself a login with the appropriate rights for access to the directory.

Any ideas?  ???

#2 jvalarta


Posted 25 August 2006 - 02:29 AM

Well, the .htaccess security is a great way to go. If this is a pain, you could build a login/password system with PHP and to authenticate, you could use a session, and to ensure its security, use $_SESSION['var'] vs $_POST or $_GET which could be easily fooled.

I'm no expert, but in my experience, securing a directory with Apache (via .htaccess) is a pretty safe way to go.
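
The session approach described in the reply above, as an added example that is not part of the original posts: the user level is written into the session only after the password is verified server-side, and is never read from `$_GET` or `$_POST`. The names `ADMIN_LEVEL`, `$users`, `login()`, `is_admin()` and the sample accounts are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. ADMIN_LEVEL, $users and the
// 'level' field are hypothetical names chosen for illustration.
declare(strict_types=1);

const ADMIN_LEVEL = 9;

// Constructed user store; a real site would read this from its database.
$users = [
    'adminuser' => ['hash' => password_hash('constructed-sample-pw', PASSWORD_DEFAULT), 'level' => 9],
    'member'    => ['hash' => password_hash('another-sample-pw', PASSWORD_DEFAULT), 'level' => 1],
];

// Weak: the level comes from the request, so the visitor chooses it.
function is_admin_weak(array $get): bool
{
    return (int)($get['level'] ?? 0) >= ADMIN_LEVEL;
}

// Login: verify the password, then fill the session from server-side data only.
function login(array $users, array &$session, string $name, string $password): bool
{
    $user = $users[$name] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id after a privilege change
    }
    $session['user']  = $name;
    $session['level'] = $user['level'];
    return true;
}

// Gate to call at the top of every page under the admin directory.
function is_admin(array $session): bool
{
    return isset($session['user'], $session['level']) && $session['level'] >= ADMIN_LEVEL;
}

// Demo with constructed input; in a web request pass $_GET and $_SESSION
// (after session_start()) instead of these arrays.
$session = [];
var_dump(is_admin_weak(['level' => '99']));  // level taken from the query string
var_dump(is_admin($session));                // before any login
login($users, $session, 'member', 'another-sample-pw');
var_dump(is_admin($session));                // logged in as a low-level user
login($users, $session, 'adminuser', 'constructed-sample-pw');
var_dump(is_admin($session));                // logged in as the admin account
```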

#3 mojito


Posted 18 January 2007 - 10:21 AM

But can I take the htaccess login data and create a session from that, so I can always know WHO is authenticated?



