From: Robert Buljevic (skeptic@s1c.org)
Date: Sun Jan 06 2002 - 07:15:38 CST
Hi,
I have a PHP/HTML based back-end for updating a MySQL database. Now, what
are my options in protecting this backend, besides HTTP basic authentication
(since this one is relatively insecure)?
Would PHP sessions be more appropriate?
Or using cookies with some encryption (md5, etc)?
Any suggestions?
Best regards,
Robert Buljevic
----- Original Message -----
From: <Len_Lattanzi@StanfordAlumni.org>
To: <webappsec@securityfocus.com>
Sent: Sunday, January 06, 2002 3:04 AM
Subject: Re: OWASP January Guest Paper - HTTP Authentication
> On 2002-01-05 17:17:35 -0800, Mark Curphey wrote:
> > Dave Zimmer wrote this great paper on HTTP Authentication for the new
> > Monthly OWASP Guest White paper section.
> >
> > http://www.owasp.org/resources/whitepapers/http_authentication.txt
> >
> Nice summary. I'd add the following caveats.
>
> While Apache supports digest authentication only a few clients support
> it such as wget, amaya and mozilla. Notably neither IE5.5 nor NS4.7x do.
>
> To test a client try
> http://jigsaw.w3.org/HTTP/Digest/
>
> both wget and mozilla can handle
> http://guest:guest@jigsaw.w3.org/HTTP/Digest/
>
> -Len
>
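
Added example, not part of the original thread: what each scheme discussed above puts on the wire for the guest:guest test account. Basic sends the credentials in reversible base64, while Digest (RFC 2617, algorithm MD5) sends only a hash bound to the server's nonce. The realm and nonce in the demo challenge are constructed sample values, not what jigsaw.w3.org returns, and the function names are this example's own.

```python
import base64
import hashlib
import re


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def basic_header(user, password):
    # Basic: the credentials themselves, base64-encoded, in every request.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def recover_basic(header):
    # Anyone who sees the header can reverse it; base64 is not encryption.
    decoded = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = decoded.partition(":")
    return user, password


def parse_challenge(header):
    # Split a "WWW-Authenticate: Digest ..." value into its parameters.
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', params)
    return {key.lower(): value.strip('"') for key, value in pairs}


def digest_response(user, password, method, uri, chal, cnonce, nc="00000001"):
    # RFC 2617, MD5: only a hash bound to the server nonce is sent.
    ha1 = md5_hex(f"{user}:{chal['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    qops = [q.strip() for q in chal.get("qop", "").split(",")]
    if "auth" in qops:
        return md5_hex(f"{ha1}:{chal['nonce']}:{nc}:{cnonce}:auth:{ha2}")
    return md5_hex(f"{ha1}:{chal['nonce']}:{ha2}")  # no qop: RFC 2069 form


if __name__ == "__main__":
    # Constructed challenge; realm and nonce are sample values.
    challenge = 'Digest realm="example", qop="auth", nonce="c0ffee0123456789"'
    header = basic_header("guest", "guest")
    print(header, "->", recover_basic(header))
    chal = parse_challenge(challenge)
    print(digest_response("guest", "guest", "GET", "/HTTP/Digest/", chal, "0a4f113b"))
```

Digest keeps the password off the wire but does not encrypt the session, so either scheme still needs TLS if the traffic itself is sensitive.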