
secure authentication ??



#1 sKunKbad


Posted 22 September 2006 - 05:13 AM

I am working on a website for a friend who wants to be able to have a secret message page for contributors. I found this script, which is working great, but I'm wondering if it is truly secure, and if not, how can I make it more solid.

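<?php
// Read the Basic-auth credentials from $_SERVER; the bare $PHP_AUTH_USER and
// $PHP_AUTH_PW globals only exist when register_globals is enabled.
$user = isset( $_SERVER['PHP_AUTH_USER'] ) ? $_SERVER['PHP_AUTH_USER'] : null;
$pass = isset( $_SERVER['PHP_AUTH_PW'] ) ? $_SERVER['PHP_AUTH_PW'] : null;

// Strict comparison avoids loose type juggling; any mismatch re-prompts the browser.
if ( $user !== 'Us3rn4M367' || $pass !== 'Tx56g$30o0' ) {
    header( 'WWW-Authenticate: Basic realm="Private"' );
    header( 'HTTP/1.0 401 Unauthorized' );
    echo 'Authorization Required.';
    exit;
}
?>
<html>
    <head>
    <title>Special Access Page</title>
    </head>
    <body>
        <h1>User Authenticated!</h1>
        <p>This is the message.</p>
        <p>Hello agents,<br/>
        Please let the monkey feed itself. There are no room for dice in my bag.</p>
    </body>
</html>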

Thanks for your help,
sKunKbad
Brian's Web Design - Temecula

Freedom is only available through death.

#2 Daniel0


Posted 22 September 2006 - 05:29 AM

It is truly secure if you are sending it over an encrypted connection (SSL). That is when https is written instead of http in the URL.

#3 sKunKbad


Posted 22 September 2006 - 05:33 AM

Hmm... well, it's not an encrypted connection. I don't even know how to do that.....

#4 Daniel0


Posted 22 September 2006 - 05:36 AM

You would have to ask your host to set it up for you (it will cost money) and you will need to get a certificate (more money).

#5 sKunKbad


Posted 22 September 2006 - 05:43 AM

Without the SSL, is this mostly secure?

I just looked in this guy's hosting control panel, and SSL isn't an option. His host really bites if you ask me, but I won't name any names. I don't think he is going to want to pay for SSL. He's a bible smuggling missionary, so kinda on a low budget.

#6 Daniel0


Posted 22 September 2006 - 05:46 AM

Depends. You of course cannot log in without the correct combination of username and password, but a third party could intercept the data while it is being transferred from the client to the server.
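
An added example, not part of the original thread or any poster's code: it shows that a Basic `Authorization` header is only base64-encoded, and a server-side check that refuses credentials sent without HTTPS and verifies against a stored hash. The function names and the `example-user` / `example-pass` values are constructed for illustration, and the check assumes the server exposes `HTTPS` and `HTTP_AUTHORIZATION` in `$_SERVER`.

```php
<?php
// Added example: function names and sample values are constructed for illustration.

// Split an "Authorization: Basic ..." value into [user, password], or null.
// Basic credentials are only base64-encoded, not encrypted, so anything that
// can read a plain-HTTP request can perform this same decoding.
function parse_basic_header(string $header): ?array
{
    if (!preg_match('/^Basic\s+([A-Za-z0-9+\/=]+)$/i', trim($header), $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2);   // the password may itself contain ':'
}

// Hardened check: refuse plain HTTP, compare the user name in constant time,
// and verify the password against a stored hash instead of a literal.
function is_authorized(array $server, string $user, string $pwHash): bool
{
    if (empty($server['HTTPS']) || $server['HTTPS'] === 'off') {
        return false;                   // never accept credentials without TLS
    }
    $creds = parse_basic_header($server['HTTP_AUTHORIZATION'] ?? '');
    if ($creds === null) {
        return false;
    }
    // Evaluate both checks so timing does not reveal which one failed.
    $userOk = hash_equals($user, $creds[0]);
    $pwOk   = password_verify($creds[1], $pwHash);
    return $userOk && $pwOk;
}

// Constructed sample request (not captured traffic).
$hash   = password_hash('example-pass', PASSWORD_DEFAULT);
$header = 'Basic ' . base64_encode('example-user:example-pass');

// What the header contains once decoded.
var_dump(parse_basic_header($header));
// The same credentials presented over plain HTTP, then over HTTPS.
var_dump(is_authorized(['HTTP_AUTHORIZATION' => $header], 'example-user', $hash));
var_dump(is_authorized(['HTTP_AUTHORIZATION' => $header, 'HTTPS' => 'on'], 'example-user', $hash));
```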

#7 sKunKbad


Posted 22 September 2006 - 05:50 AM

Well, as long as the interceptor isn't the government of the country he is smuggling bibles into, I think he is going to be OK. Thanks for your time Daniel0.