Password Protect Directory vs. Login Script

[dlebowski]

I need some opinions on whether password protecting a directory is more secure than using a login script.  My application would work just fine if I could password protect the directory.  Would that be the way to go?  Thanks in advance. 

 

Ryan

[Stooney]

It would really depend on how it works and who uses it.  .htpasswd is the easiest to use, but has limited functionality.  using sessions with the proper security works just as well and has way more functionality.  If it's just a small personal script it's your choice, but if it will be available to the public, I would say use sessions.

[dlebowski]

It is a scenario where I basically create a directory manually for a new user and then dump the code into that directory.  They would then browse to the URL provided and it's only for them.  Each client gets there own URL.  I would manually create the logins and passwords and create the URL once they sign up.  I would assume that password protecting the directory would be more secure then sessions.  Am I correct in thinking that?  Thanks for the prompt reply.

 

Ryan

[Stooney]

It sounds like a standard site where users can log in.  I'm sure most people would recommend sessions for this, but if you want to use .htpasswd then it would technically work fine.  Also, with sessions you won't have to 'dump code' into each new directory.  As for their custom url, you can use mod rewrite. 

[dlebowski]

I will look into mod rewrite.  Thanks.  I'm not sure how that would work with my app because there will be a ton of data that is stored in a DB and it is currently written so that each client gets their own database.  Regardless, if this is something I need to do, I will look into it.

 

Which is more secure?  The current login script that I have does not appear to be all that secure and that concerns me and that is what prompted this post today. 

 

Ryan

[dlebowski]

If I use .htaccess in conjunction with SSL, is that as secure or more secure than using sessions?