NYCPHP Meetup

NYPHP.org

[nycphp-talk] NEW PHundamentals Question - HTTP Authentication

Chris Shiflett shiflett at php.net
Sun Oct 24 13:42:00 EDT 2004


--- csnyder <chsnyder at gmail.com> wrote:
> I've always thought it was a silly feature -- why not just code
> a login form?

I think it's a good feature, although I rarely ever use it myself. Here
are a few reasons, off the top of my head:

1. You can protect static resources like HTML, images, etc.
2. It's quick and easy to implement for existing content, whether static
or dynamic. Any solution is sometimes better than no solution, and there
are many situations that might require such a thing.
3. You can protect any collection of content that can be identified in
httpd.conf (using a number of different approaches).
4. The access control is mature and well-tested - you can be certain that
any resource protected with HTTP Authentication will require the
authentication credentials (and not be forgotten by a sloppy developer).

Feel free to add to the list. :-)

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly     HTTP Developer's Handbook - Sams
Coming December 2004        http://httphandbook.org/



More information about the talk mailing list