Hello; I'm trying to figure out the best (most secure and most user friendly, security of primary importance) way to let a user log-in. I am setting up a web application (database application) that will be for private use only and I want to keep it secure. As I understand it, using the Apache htaccess method is secure as there is essentially no communication without a username and password, but it does lack a little in flexibility and presentation. On the other hand, PHP certainly has the edge on flexibility and presentation, but I have questions regarding it's security. If you look at the threads regarding connecting to databases, you often see a warning to the effect of: store your connection password etc, outside of the document path in case PHP fails and your file is displayed unprocessed. So my question is, how can you count on PHP to log somebody in, and prevent access to files when PHP may fail, or the user could just go into the directory structure and bypass security. TIA Ray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
