Jump to content

Sessions or .htaccess to protect admin area


AdRock

Recommended Posts

I have an admin area for my site where I can add, edit and delete items from the database and I'm currently using htaccess to protect it.

If i used sessions and only allowed access to the directory if the user level was set high enough (set in the session) would it be easy for someone to gain access who knew how to hack it?

I am trying to find a good way for me to get into the admin directory without having to manually type the url in the browser.  I could create myself a login with the appropiate rights for access to the directory.

Any ideas?  ???
Link to comment
Share on other sites

Well, the .htaccess security is a great way to go. If this is a pain, you could build a login/password system with php and to authenticate, you could use a session, and to ensure it's security, use $_SESSION['var'] vs $_POST or $_GET which could be easily fooled.

Im no expert, but in my experience, securing a directory with apache (via .htaccess) is a pretty safe way to go.
Link to comment
Share on other sites

  • 4 months later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.