PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.

All times are UTC - 5 hours

 Post subject: Force HTTP_AUTH?
Posted: Fri Jan 20, 2012 10:01 am
Forum Newbie

Joined: Fri Nov 18, 2011 12:01 am
Posts: 4
I have this application which has three directories:


Which all have security holes. I can .htaccess these folders no problem.

However, when a user logs into my application and tries to use any of these functions in said directories the application prompts for user/pass.

1. I know I can force the user/pass like so: <form action="" method="POST">, but of course this exposes the username and password.

So, what I'm wondering: is it possible when my users log in to my application I can somehow log the users into the password protected directories too? Possibly using $_SERVER and $_SESSION vars? It just seems so much more "user friendly" to have them only log in once instead of prompting for a pw all the time.

Otherwise, I believe my application to be pretty secure.

 Post subject: Re: Force HTTP_AUTH?
Posted: Sat Jan 21, 2012 8:15 am
DevNet Resident

Joined: Sun Sep 03, 2006 5:19 am
Posts: 1579
Location: Sofia, Bulgaria
1. You should add authorization checks to your asynchronously accessed PHP code just like in any other PHP code you expose. There's no need to use a different authentication mechanism than the one you already use for your 'main' site anyway.
2. Depending on what your "security holes" in these directories are, this might not help entirely - you need protection against malicious authenticated users as much as you need protection against 'anonymous' ones.
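
As an added example (not code from either poster), one way to apply the advice above is a shared include that reuses the main site's PHP session instead of HTTP authentication and also checks permission per function. The file name `guard.php`, the session keys `user_id`, `role` and `csrf_token`, the `X-CSRF-Token` header and PHP 7.1 or later are assumptions, and the CSRF token check goes beyond what the reply mentions.

```php
<?php
// guard.php -- hypothetical shared include for scripts in the protected directories.
// Assumes the main login code stores user_id, role and csrf_token in $_SESSION.

// Send a JSON error that the asynchronous caller can handle, then stop.
function deny(int $status, string $reason): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $reason]);
    exit;
}

// Pure decision function: returns the HTTP status this request should get.
function check_access(array $session, string $method, ?string $csrfHeader, array $allowedRoles): int
{
    if (empty($session['user_id'])) {
        return 401; // not logged in to the main application
    }
    if (!in_array($session['role'] ?? '', $allowedRoles, true)) {
        return 403; // logged in, but not allowed to call this function
    }
    if ($method !== 'GET' && $method !== 'HEAD') {
        $expected = (string) ($session['csrf_token'] ?? '');
        if ($expected === '' || $csrfHeader === null || !hash_equals($expected, $csrfHeader)) {
            return 403; // state-changing request without the session's CSRF token
        }
    }
    return 200;
}

function require_access(array $allowedRoles): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // same session cookie as the main site, so no second prompt
    }
    $status = check_access(
        $_SESSION,
        $_SERVER['REQUEST_METHOD'] ?? 'GET',
        $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null,
        $allowedRoles
    );
    if ($status !== 200) {
        deny($status, $status === 401 ? 'login required' : 'forbidden');
    }
}

// At the top of each script in the protected directories (constructed usage):
//   require __DIR__ . '/../guard.php';
//   require_access(['admin', 'editor']);
```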
