I placed the two files in a specified directory to keep only authenticated users from entering. Everything works except the the password doesn't need to be typed in fully. I noticed that instaid of being something like myauthpassword, I could just type myauthpassw and it would authenticate the user.
Why is this happening? I don't believe this to be secure.
Authentication using .htpasswd and .htaccess
Moderator: General Moderators
I have for quite some time. But I'm affriad of it being less secure as I found a hole in it. All pages have piece of code that checks for the correct session. But files such as a small php functions holder doesn't have the piece of code. So I'd have to place the code in the right places.
But it would seem like bad coding to have such a system.
I only employed the .htaccess method as of yesterday. So I'm still comparing this to my previous.
Why does HTTP authentication behave in the manner; I explained in my first post?
But it would seem like bad coding to have such a system.
I only employed the .htaccess method as of yesterday. So I'm still comparing this to my previous.
Why does HTTP authentication behave in the manner; I explained in my first post?