Friday, 23 February 2007

Learn More About User Authentication and PHP Security

Leidago, in a post over Devshed, talks about security vulnerabilities that involve form data, databases and file systems. Instead he looks into a different topic of authentication and the security issues around it. He also gives information about the two most common attacks, which are brute force attacks and password sniffing.

He explains authentication is the process by which a user's identification is proven. The authentication is verified by checking the user's password and username. This typically takes place in a login form, he informs. After a user is authenticated, he or she will have access to a particular part of a web site or application (or possibly an entire web site or application). This method of allowing different users access to certain areas and denying others the same access is called authorization or access control, he adds.

He gives the following two Authentication methods:

Normal log-in/register HTML form

This method he explains with an example code and a screenshot for better understanding.


HTTP Authentication

He says, that HTTP authentication presents a user with a pop up box that requires a username and password to gain access. He lists some of the benefits of HTTP authentication. They are as follows:

• Very little PHP code required
• Entered username and password remembered without the need to use PHP to send cookies or establish sessions.
• Clean interface that will not interfere with your page design.

• Limits usability
• Inability to establish user groups or specify access levels
• Inability to set access levels