Archived

This topic is now archived and is closed to further replies.

sKunKbad

secure authentication ??

I am working on a website for a friend who wants to be able to have a secret message page for contributors. I found this script, which is working great, but I'm wondering if it is truly secure, and if not, how can I make it more solid.

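[code]<?php
// Read the Basic auth credentials from $_SERVER; the bare $PHP_AUTH_USER and
// $PHP_AUTH_PW globals only exist when register_globals is enabled.
$user = isset( $_SERVER['PHP_AUTH_USER'] ) ? $_SERVER['PHP_AUTH_USER'] : null;
$pass = isset( $_SERVER['PHP_AUTH_PW'] ) ? $_SERVER['PHP_AUTH_PW'] : null;

// Challenge the browser unless both values are present and match exactly.
if ( $user === null || $pass === null
    || $user !== 'Us3rn4M367' || $pass !== 'Tx56g$30o0' ) {

    header( 'WWW-Authenticate: Basic realm="Private"' );
    header( 'HTTP/1.0 401 Unauthorized' );
    echo 'Authorization Required.';
    exit;
}
?>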
<html>
    <head>
    <title>Special Access Page</title>
    </head>
    <body>
    <h1>User Authenticated!</h1>
    <p>This is the message.</p>
    <p>Hello agents,<br/>
Please let the monkey feed itself. There are no room for dice in my bag.</p>
    </body>
</html>[/code]

Thanks for your help,
sKunKbad

It is truly secure if you are sending it over an encrypted connection (SSL). That is when the URL says https instead of http.

Hmm... well, it's not an encrypted connection. I don't even know how to do that.....

You would have to ask your host to set it up for you (it will cost money) and you will need to get a certificate (more money).

Without the SSL, is this mostly secure?

I just looked in this guy's hosting control panel, and SSL isn't an option. His host really bites if you ask me, but I won't name any names. I don't think he is going to want to pay for SSL. He's a bible smuggling missionary, so kinda on a low budget.

Depends. You can of course not log in without the correct combination of username and password, but a third party could intercept the data while it is being transferred from the client to the server.

Well, as long as the interceptor isn't the government of the country he is smuggling bibles into, I think he is going to be OK. Thanks for your time Daniel0.
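
Added example, not part of the thread: HTTP Basic authentication sends the username and password base64-encoded (not encrypted) in an `Authorization` header on every request, which is why the replies above tie its safety to HTTPS. The credentials and function names below are constructed for illustration.

```php
<?php
// Added example: what HTTP Basic authentication puts on the wire.
// The credentials used here are constructed sample values.

/** Build the request header a browser sends once the login prompt is filled in. */
function basicAuthHeader(string $user, string $pass): string
{
    return 'Authorization: Basic ' . base64_encode($user . ':' . $pass);
}

/** Recover user and password from such a header; null if it is not valid Basic auth. */
function decodeBasicAuthHeader(string $headerLine): ?array
{
    if (!preg_match('/^Authorization:\s*Basic\s+([A-Za-z0-9+\/=]+)\s*$/i', $headerLine, $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Only the first colon separates the fields: a password may contain ':'.
    [$user, $pass] = explode(':', $decoded, 2);
    return ['user' => $user, 'pass' => $pass];
}

/** True when the request arrived over TLS, judged by PHP's $_SERVER['HTTPS'] entry. */
function requestIsHttps(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// The header is reversible without any key: base64 is an encoding, not encryption.
$header = basicAuthHeader('contributor', 'example:pass-123');
echo $header, PHP_EOL;
print_r(decodeBasicAuthHeader($header));

// A page can check the transport before it sends the 401 challenge.
var_dump(requestIsHttps(['HTTPS' => 'on']));
var_dump(requestIsHttps([]));
```

In a real page, `requestIsHttps($_SERVER)` would be called before the `WWW-Authenticate` header is sent, so the browser is never prompted for credentials over plain HTTP.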
