Re: how big is too big for an .htpassword file?

by David Mintz <mambomintz(at)yahoo.com>

 Date:  Wed, 4 Oct 2000 18:53:36 -0700 (PDT)
 To:  hwg-languages(at)hwg.org

Perhaps what I need is a recommendation for a good
book or online tutorial to start getting into user
authentication and session management. I have a fairly
decent basic understanding of MySQL and PHP.

(I notice a lot of books & articles assume the reader
has root or root-like privileges on the server and can
just install this or configure that. I rent on a
shared server.)

Anyway: it seems to me one could store usernames and
passwords (encrypted with 1-way encryption if you
like) in a database table and prompt the user for
these when they log in, then pass them from page to
page as hidden form elements or cookies. Thing is, on
each page you'd have to hit your database again to
search for that user/password to see if it's valid.
That seems like a load on your database server. But is
this more or less a technique that people use?

Alternatively, I guess that after successful login you
could set a cookie that says "this user is ok" and
check that at each page, but it seems that wouldn't be
very secure, since savvy users can catch on and bake
their own cookies.

I checked my own O'Reilly Apache book and it was
silent as to how big an htpasswd password file should
get. The examples seemed to suggest it was not
intended for large crowds.

--- Kae Verens <kverens(at)orbism.com> wrote:
> From: "David Mintz" <mambomintz(at)yahoo.com>
> > Suppose you want to restrict access to a section of
> > your website to members of an organization of about
> > 1000 members. ..... Would it be better to use a "real" back end
> > database like MySQL? Approximately where's the cutoff
> > point?
> >
> > Thanks.
>
> I think the most common way to solve that kind of
> problem would be to set up the users in groups, and
> allow access in the .htaccess file to anyone who is
> a member of that group.
>
> My Apache book here doesn't say whether or not
> multiple AuthGroupFile directives are allowed, but if they are, then that
> could be an answer to the size problem.
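
Added example, not part of the original message or thread: a PHP sketch of the two ideas raised above, checking the password against a stored one-way hash once at login, then issuing a cookie value carrying an HMAC so later pages can validate it without a database hit and a hand-made cookie fails. The key, the user table array, and the function names are constructed for illustration; a real site would read the hash from its MySQL table and send the token with setcookie().

```php
<?php
// Assumption: a long random key stored outside the web root (constructed value here).
const SECRET = 'replace-with-long-random-server-side-key';

// Build the cookie value "user|expiry|mac" after a successful login.
function issue_token(string $user, int $ttl, int $now): string {
    // Restrict the username so the '|' separator can never appear inside it.
    if (!preg_match('/^[A-Za-z0-9_.-]{1,64}$/', $user)) {
        throw new InvalidArgumentException('bad username');
    }
    $payload = $user . '|' . ($now + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET);
}

// Return the username if the token is authentic and unexpired, else null.
function check_token(string $token, int $now): ?string {
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expiry, SECRET);
    if (!hash_equals($expected, $mac)) {          // constant-time comparison
        return null;
    }
    if (!ctype_digit($expiry) || (int)$expiry < $now) {
        return null;
    }
    return $user;
}

// The single database lookup happens here; $users stands in for the table.
function login(array $users, string $user, string $pass, int $now): ?string {
    $hash = $users[$user] ?? null;
    if ($hash === null || !password_verify($pass, $hash)) {
        return null;
    }
    return issue_token($user, 3600, $now);
}

// Constructed sample data.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
$now   = time();
$token = login($users, 'alice', 'correct horse', $now);

var_dump(check_token($token, $now));                 // genuine token
var_dump(check_token('alice|9999999999|ok', $now));  // hand-made cookie, no valid MAC
var_dump(check_token($token, $now + 7200));          // genuine token after expiry
```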



HWG: hwg-languages mailing list archives, maintained by Webmasters @ IWA