[ale] Web Login

David Corbin dcorbin at imperitek.com
Tue Feb 12 12:02:51 EST 2002 

But that's not a very secure method (unless you're doing https). 
 Passwords passover the wire encrypted, but decrypting them is very 
easy.  The requirement "secure" needs more definition:

Are we only talking about idenifying the user once?  What about 
subseqeuent pages?  Secure from snoopers at what level? people that can 
access packets anywhere? Man-in-the-middle attacks?  Someone who hacks 
your web server?  Your database server?

I don't mean to make it complicated, but then, it already IS complicated.

Jason Lynn wrote:

> If you're using apache, look into htpasswd for generating password 
> files.  Then you use a file .htaccess (I think that's right), that 
> contains certain directives, in the directory where you want to 
> prevent access.
>
>
>> From: "Calvin Harrigan" <charrig at earthlink.net>
>> To: ale at ale.org
>> Subject: [ale] Web Login
>> Date: Wed, 13 Feb 2002 00:02:11 +0800
>> MIME-Version: 1.0
>> X-Originating-IP: 216.91.92.7
>> Received: from [209.195.36.194] by hotmail.com (3.2) with ESMTP id 
>> MHotMailBE3287B7009D40043188D1C324C20CD60; Tue, 12 Feb 2002 08:03:04 
>> -0800
>> Received: (qmail 25499 invoked by uid 511); 12 Feb 2002 16:02:12 -0000
>> Received: (qmail 25493 invoked by alias); 12 Feb 2002 16:02:12 -0000
>> From ale-return-4349-jason_lynn_ Tue, 12 Feb 2002 08:04:28 -0800
>> Mailing-List: contact ale-help at ale.org; run by ezmlm
>> Precedence: bulk
>> X-No-Archive: yes
>> list-help: <mailto:ale-help at ale.org>
>> list-unsubscribe: <mailto:ale-unsubscribe at ale.org>
>> list-post: <mailto:ale at ale.org>
>> Delivered-To: mailing list ale at ale.org
>> Message-ID: <20020212160211.22055.qmail at earthlink.net>
>> X-Mailer: MIME-tools 5.41 (Entity 5.404)
>> X-Originating-Server: ws2-3.us4.outblaze.com
>>
>> Greetings,
>>  I have a question, what would be the best way to implement a secure 
>> login to a website.  I've seen many solutions/means/ways of doing so 
>> on the net but none seem standard or straight forward.  I would like 
>> to create a web page with a login field and password field with a 
>> submit button that calls a script to verify the password and grant 
>> access to the web site.
>> I would like a secure/simple method of doing so, any suggestions?  
>> Backend languages I can use are php, perl, shell script,c/c++.
>>
>> Thanks...
>> -- 
>>
>>
>>
>> ---
>> This message has been sent through the ALE general discussion list.
>> See http://www.ale.org/mailing-lists.shtml for more info. Problems 
>> should be
>> sent to listmaster at ale dot org.
>>
>
>
>
> _________________________________________________________________
> MSN Photos is the easiest way to share and print your photos: 
> http://photos.msn.com/support/worldwide.aspx
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems 
> should be sent to listmaster at ale dot org.
>
>




---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list