
This topic is now archived and is closed to further replies.

AdRock

Sessions or .htaccess to protect admin area

I have an admin area for my site where I can add, edit and delete items from the database and I'm currently using htaccess to protect it.

If I used sessions and only allowed access to the directory if the user level was set high enough (set in the session), would it be easy for someone to gain access who knew how to hack it?

I am trying to find a good way for me to get into the admin directory without having to manually type the URL in the browser.  I could create myself a login with the appropriate rights for access to the directory.

Any ideas?  ???

Well, the .htaccess security is a great way to go. If this is a pain, you could build a login/password system with PHP and to authenticate, you could use a session, and to ensure its security, use $_SESSION['var'] vs $_POST or $_GET which could be easily fooled.

I'm no expert, but in my experience, securing a directory with Apache (via .htaccess) is a pretty safe way to go.

But can I take the htaccess login data and create a session from that, so I can always know WHO is authenticated?

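An added example, not part of any post in this thread: one way to tie the two approaches together is to let Apache keep checking the password via .htaccess and copy the name it authenticated into a PHP session, so every admin page knows who is logged in. The user level is looked up on the server and never read from $_GET or $_POST. The `ADMIN_LEVELS` table, the username `siteadmin`, `REQUIRED_LEVEL` and both function names are hypothetical, and the script assumes it sits inside the protected directory and is served over HTTPS.

```php
<?php
// Added example. Apache (Basic auth via .htaccess) has already verified the
// password before this script runs; PHP only records who it was.

// Hypothetical username => level table; a real site would query its user table.
const ADMIN_LEVELS   = ['siteadmin' => 9];
const REQUIRED_LEVEL = 5;

// Name Apache authenticated, or null if the request never passed .htaccess.
function authenticated_user(array $server): ?string
{
    // REMOTE_USER is set by Apache after successful authentication;
    // PHP_AUTH_USER is the fallback available under mod_php.
    $user = $server['REMOTE_USER'] ?? $server['PHP_AUTH_USER'] ?? '';
    return $user !== '' ? $user : null;
}

// Bind the Apache identity to the session and decide whether to allow access.
function establish_admin_session(array $server, array &$session): bool
{
    $user = authenticated_user($server);
    if ($user === null) {
        return false;
    }
    if (($session['user'] ?? null) !== $user) {
        // New or changed identity: the level comes from the server-side table
        // only, so nothing the browser sends can raise it.
        $session['user']  = $user;
        $session['level'] = ADMIN_LEVELS[$user] ?? 0;
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true); // fresh ID guards against session fixation
        }
    }
    return ($session['level'] ?? 0) >= REQUIRED_LEVEL;
}

session_start([
    'cookie_httponly' => true,  // cookie not readable from JavaScript
    'cookie_secure'   => true,  // assumption: the admin area is HTTPS-only
    'use_strict_mode' => true,  // reject session IDs the server did not issue
]);

if (!establish_admin_session($_SERVER, $_SESSION)) {
    http_response_code(403);
    exit('Forbidden');
}

echo 'Logged in as ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
```

Because the session is only ever filled from what Apache reports, removing the .htaccess protection would make every request fail the check rather than open the admin area.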
