Force HTTP_AUTH?
Posted: Fri Jan 20, 2012 9:01 am
I have this application which has three directories:
/ajax/
/ckeditor/
/upload/
Which all have security holes. I can .htaccess these folders no problem.
However, when a user logs into my application and tries to use any of these functions in said directories the application prompts for user/pass.
1. I know I can force the user/pass like so: <form action="http://user:pass@domain.com/cp/upload/php/index.php" method="POST">, but of course this exposes the username and password.
So, what I'm wondering: is it possible when my users log in to my application I can somehow log the users into the password protected directories too? Possibly using $_SERVER and $_SESSION vars? It just seems so much more "user friendly" to have them only log in once instead of prompting for a pw all the time.
Otherwise, I believe my application to be pretty secure.
/ajax/
/ckeditor/
/upload/
Which all have security holes. I can .htaccess these folders no problem.
However, when a user logs into my application and tries to use any of these functions in said directories the application prompts for user/pass.
1. I know I can force the user/pass like so: <form action="http://user:pass@domain.com/cp/upload/php/index.php" method="POST">, but of course this exposes the username and password.
So, what I'm wondering: is it possible when my users log in to my application I can somehow log the users into the password protected directories too? Possibly using $_SERVER and $_SESSION vars? It just seems so much more "user friendly" to have them only log in once instead of prompting for a pw all the time.
Otherwise, I believe my application to be pretty secure.