Specifications
specify basic authentication and give a realm name. As in Listing 14.7, we will allow any
valid, authenticated user access.
Because we are using mod_auth_mysql and did not want to use all the default settings, we have
some directives to specify how this should work. Auth_MySQL_DB, Auth_MySQL_Password_
Table, Auth_MySQL_Username_Field, and Auth_MySQL_Password_Field specify the name of
the database, the table, the username field, and the password field, respectively.
We are including the directive Auth_MySQL_Encryption_Types to specify that we want to use
MySQL password encryption. Acceptable values are Plaintext, Crypt_DES, or MySQL.
Crypt_DES is the default, and uses standard UNIX DES-encrypted passwords.
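As an added illustration, not a listing from the book, the following .htaccess fragment brings the directives just described together; the database, table and field names are placeholders, and the database connection itself is configured separately in httpd.conf and is not shown here.

```apache
# Standard Apache basic authentication; the realm name appears in the browser's dialog
AuthType Basic
AuthName "Members Only"

# Where mod_auth_mysql looks for user records (placeholder names)
Auth_MySQL_DB auth
Auth_MySQL_Password_Table auth_users
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password

# How the stored password is encoded: Plaintext, Crypt_DES (the default) or MySQL.
# Plaintext keeps readable passwords in the table, so anyone who can read the table
# (a database backup, a compromised application account) has every password.
# Prefer a hashed form and insert new users with MySQL's PASSWORD() so the
# stored value matches what this setting expects.
# Auth_MySQL_Encryption_Types Plaintext
Auth_MySQL_Encryption_Types MySQL

# Any user present in the table with a matching password may see the content
require valid-user
```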
From the user perspective, this mod_auth_mysql example will work in exactly the same way as the mod_auth example. She will be presented with a dialog box by her Web browser. If she successfully authenticates, she will be shown the content. If she fails, she will be given our error page.
For many Web sites, mod_auth_mysql is ideal. It is fast, relatively easy to implement, and allows you to use any convenient mechanism to add database entries for new users. For more flexibility, and the ability to apply fine-grained control to parts of pages, you might want to implement your own authentication using PHP and MySQL.
Creating Your Own Custom Authentication
We have looked at creating our own authentication methods, including some flaws and compromises, and using built-in authentication methods, which are less flexible than writing your own code. Later in the book, when we have covered session control, you will be able to write your own custom authentication with fewer compromises than in this chapter.
In Chapter 20, we will develop a simple user authentication system that avoids some of the
problems we have faced here by using sessions to track variables between pages.
In Chapter 24, we apply this approach to a real-world project and see how it can be used to
implement a fine-grained authentication system.
Further Reading
The details of HTTP authentication are specified by RFC 2617, which is available at
http://www.rfc-editor.org/rfc/rfc2617.txt
The documentation for mod_auth, which controls basic authentication in Apache, can be found at
http://www.apache.org/docs/mod/mod_auth.html
Part III: E-commerce and Security, page 324