.htaccess authorization security
Posted: Thu Oct 16, 2008 8:32 am
Greetings from cold Finland!
This isn't really PHP security related problem, so admins feel free to move this if needed.
I'm developing PHP system for customer. Customer adverts open jobs to the website and people can apply for the jobs using the website. Of course, applications might include confidental information. As for this, SSL is used. So now I'm building the "admin" side of the application. In admin section, applications can be browsed. Now my consern is to make sure that NOBODY outside company can log in to admin section. At first, I thought about using .htaccess .htpasswd authorization. Is this method 100% secure when password information is stored outside www-root or are there some weaknesses in this method? Another way is to build PHP log in system with MYSQL user database. I've done this kind of systems, but this time i want it to be 100% secure and as there's no need to for multiple users, I just feel that .htaccess user authorization might be enough.
All comments and conserns are welcome.
This isn't really PHP security related problem, so admins feel free to move this if needed.
I'm developing PHP system for customer. Customer adverts open jobs to the website and people can apply for the jobs using the website. Of course, applications might include confidental information. As for this, SSL is used. So now I'm building the "admin" side of the application. In admin section, applications can be browsed. Now my consern is to make sure that NOBODY outside company can log in to admin section. At first, I thought about using .htaccess .htpasswd authorization. Is this method 100% secure when password information is stored outside www-root or are there some weaknesses in this method? Another way is to build PHP log in system with MYSQL user database. I've done this kind of systems, but this time i want it to be 100% secure and as there's no need to for multiple users, I just feel that .htaccess user authorization might be enough.
All comments and conserns are welcome.