Specifications

The optional m, d, p, or s switches can be used if you want to specify which encryption algorithm (including no encryption) you would like to use.
The b switch tells the program to expect the password as a parameter, rather than prompting
for it. This is useful if you want to call htpasswd noninteractively as part of a batch process,
but should not be used if you are calling htpasswd from the command line, because the password
then appears in the clear on the command line.
The following commands created the file shown in Listing 14.8:
htpasswd -bc /home/book/.htpass user1 pass1
htpasswd -b /home/book/.htpass user2 pass2
htpasswd -b /home/book/.htpass user4 pass3
htpasswd -b /home/book/.htpass user4 pass4
This sort of authentication is easy to set up, but there are a few problems with using an
.htaccess file this way.
Users and passwords are stored in a text file. Each time a browser requests a file that is protected by the .htaccess file, the server must parse the .htaccess file, and then parse the password file, attempting to match the username and password. Rather than using an .htaccess
file, we could specify the same things in our httpd.conf file, the main configuration file for
the Web server. An .htaccess file is parsed every time a file is requested. The httpd.conf file
is only parsed when the server is initially started. This will be faster, but means that if we want
to make changes, we need to stop and restart the server.
Regardless of where we store the server directives, the password file still needs to be searched
for every request. This means that, like other techniques we have looked at that use a flat file,
this would not be appropriate for hundreds or thousands of users.
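The following added example (not from the original text or from Apache) models the password file described above: it replays the four htpasswd commands, then checks a login by scanning the file line by line, as has to happen on every request. It assumes the format written by the s switch, {SHA} followed by base64 of an unsalted SHA-1 digest, because that can be reproduced with the standard library; the function names are hypothetical.

```python
import base64, hashlib, hmac, os, tempfile

def sha_entry(password):
    """Hash field as written with the s switch: {SHA} + base64(SHA-1), no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def set_password(path, user, password, create=False):
    """Model of htpasswd -b (-bc when create=True): add or update one user."""
    lines = []
    if not create and os.path.exists(path):
        with open(path) as fh:
            lines = [ln.rstrip("\n") for ln in fh if ln.strip()]
    entry = f"{user}:{sha_entry(password)}"
    for i, line in enumerate(lines):
        if line.split(":", 1)[0] == user:
            lines[i] = entry          # existing user: the entry is replaced
            break
    else:
        lines.append(entry)           # new user: the entry is appended
    with open(path, "w") as fh:
        fh.write("\n".join(lines) + "\n")

def check(path, user, password):
    """Linear scan of the flat file. Returns (authenticated, lines_read)."""
    lines_read = 0
    with open(path) as fh:
        for line in fh:
            lines_read += 1
            name, _, stored = line.rstrip("\n").partition(":")
            if name == user:
                ok = hmac.compare_digest(stored, sha_entry(password))
                return ok, lines_read
    return False, lines_read          # unknown user costs a full scan

def build_sample():
    """Replay the four commands from the text against a temporary file."""
    path = os.path.join(tempfile.mkdtemp(), ".htpass")
    set_password(path, "user1", "pass1", create=True)
    set_password(path, "user2", "pass2")
    set_password(path, "user4", "pass3")
    set_password(path, "user4", "pass4")   # same user again: updates the entry
    return path

if __name__ == "__main__":
    p = build_sample()
    print(open(p).read())
    print(check(p, "user4", "pass4"), check(p, "nobody", "x"))
```

Because the SHA format is unsalted, two users with the same password get identical hash fields, which is one more reason to keep the password file outside the document tree and unreadable to other accounts.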
Using Basic Authentication with IIS
Like Apache, IIS supports HTTP authentication. Apache uses the UNIX approach and is controlled by editing text files, and as you might expect, selecting options in dialog boxes controls
the IIS setup.
Using Windows 2000, you change the configuration of Internet Information Server 5 (IIS5)
using the Internet Services Manager. You can find this utility by choosing Administrative Tools
in the Control Panel.
The Internet Services Manager will look something like the picture shown in Figure 14.5. The
tree control on the left side shows that on the machine named windows-server, we are running
a number of services. The one we are interested in is the default Web site. Within this Web site,
we have a directory called protected. Inside this directory is a file called content.html.
Implementing Authentication with PHP and MySQL (Chapter 14)