My problem is as follows:
I have a directory with some files I want to password protect. To do that there are a couple of options.
1- Using htaccess I can do somethink like:
Code: Select all
AuthName "MysiteLogin"
AuthType Basic
AuthUserFile /home/httpd/vhosts/mydomain.com/httpdocs/.htpasswd
Require valid-user2- I also could use some basic phpscript as outlined in this thread viewtopic.php?t=41522
Code: Select all
<?
if($_SERVER['PHP_AUTH_USER'] == "William" && $_SERVER['PHP_AUTH_PW'] == "mypass") {
echo "You are now loggedin!";
} else {
header("WWW-Authenticate: Basic realm=\"".$login_text."\"");
header("HTTP/1.0 401 Unauthorized");
echo "Authorization Required.";
exit;
}
?>One of the files I want to protect is a script with which I can upload files to the server, so my quess is that it's pretty important to protect that file well. However, a simple to use system (like 1 or 2) has its advantages (not having to set up the db-tables, etc). So, what do you think would be the best option? And also, can a protection with a htaccess file be (relatively) easy Brute-force attacked?