I have found the mod_auth_pgsql module to be the easiest way to implement this function. Does anyone know if it takes the points mentioned below into consideration? Stephan -----Original Message----- From: Vince Vielhaber [mailto:vev@xxxxxxxxxxx] Sent: Wednesday, 26 December 2001 2:25 PM To: Andrew McMillan Cc: Stephan Borg; pgsql-php@xxxxxxxxxxxxxx Subject: Re: [PHP] WWW-Authentication and Postgresql <snip> A couple of quick gotchas. 1) make sure you filter out all unwanted characters so someone can't execute sql calls inside of a username or password. 2) On failure make sure you send a 401 to the browser just like you do initially when asking for the password to clear out the old one - you can also use this to handle logouts. Vince. -- ======================================================================== == Vince Vielhaber -- KA8CSH email: vev@xxxxxxxxxxx http://www.pop4.net 56K Nationwide Dialup from $16.00/mo at Pop4 Networking Online Campground Directory http://www.camping-usa.com Online Giftshop Superstore http://www.cloudninegifts.com ======================================================================== == _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
