    // visitor's name and password combination are not correct
    echo "<h1>Go Away!</h1>";
    echo "You are not authorized to view this resource.";
  }
}
?>
The database we are using can be created by connecting to MySQL as the MySQL root user
and running the contents of Listing 14.3.
LISTING 14.3 createauthdb.sql: These MySQL Queries Create the auth Database, the
auth Table, and Two Sample Users
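create database auth;
use auth;
create table auth (
  name varchar(10) not null,
  pass varchar(30) not null,
  primary key (name)
);
-- sample user whose password is stored as plain text
insert into auth values
  ('user', 'pass');
-- sample user whose password is stored through MySQL's password() function
insert into auth values
  ('testuser', password('test123'));
-- give the webauth account access to the auth database
grant select, insert, update, delete
  on auth.*
  to webauth@localhost
  identified by 'webauth';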
Encrypting Passwords
Regardless of whether we store our data in a database or a file, it is an unnecessary risk to
store the passwords as plain text. A one-way hashing algorithm can provide a little more
security with very little extra effort.
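The point above as an added example, not code from the book: it stores and checks passwords with PHP's password_hash() and password_verify() instead of the MySQL password() function used in Listing 14.3. Assumptions: an in-memory SQLite database reached through PDO stands in for the MySQL auth database, the pass column is widened to varchar(255), and the helper names add_user and check_login are hypothetical.

```php
<?php
// Added example, not part of the book's listings.
// Assumption: in-memory SQLite (via PDO) stands in for the MySQL auth database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Same auth table as Listing 14.3, except pass is widened (assumption):
// password_hash() output is longer than 30 characters.
$db->exec('create table auth (
    name varchar(10) not null,
    pass varchar(255) not null,
    primary key (name)
)');

// Hypothetical helper: store a salted one-way hash, never the password itself.
function add_user(PDO $db, string $name, string $password): void
{
    $stmt = $db->prepare('insert into auth (name, pass) values (?, ?)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
}

// Hypothetical helper: true only if the name exists and the password matches.
function check_login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('select pass from auth where name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matched the name.
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample users; two of them share a password on purpose.
add_user($db, 'user', 'pass');
add_user($db, 'testuser', 'test123');
add_user($db, 'other', 'test123');

// The stored values are hashes, and the shared password yields two different
// hashes because each one carries its own random salt.
foreach ($db->query('select name, pass from auth') as $row) {
    echo $row['name'], ' => ', $row['pass'], "\n";
}

var_dump(check_login($db, 'testuser', 'test123'));  // correct password
var_dump(check_login($db, 'testuser', 'pass'));     // wrong password
var_dump(check_login($db, 'nobody', 'test123'));    // unknown user
```

The query parameters are bound through prepared statements, so the visitor-supplied name never becomes part of the SQL text.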
LISTING 14.2 Continued