Re: login script using file, not mysql [message #171599 is a reply to message #171593] |
Tue, 11 January 2011 21:04 |
Denis McMahon
Messages: 634 Registered: September 2010
Karma:
|
Senior Member |
|
|
On 11/01/11 19:06, richard wrote:
> Thank you. However, that item clearly states that .htaccess should not be
> used for password verificiation.
No, it says that for apache, configuring the access control in the
configuration file(s) is preferable to configuring it in .htaccess
> What exactly is mysql? Just another type of file.
> So why can't say user.txt be the database file?
Anything you like can be the database file, but the question is, what
has this to do with php?
You can write a password / access control system in php that uses a
plain text file to store passwords, but there are issues with doing so,
one of which is the need to allow concurrent write access to the file if
two users decide to update their passwords at once.
Using a suitable database avoids such issues.
There are other issues that need to be considered when developing access
control systems, which you should make an effort to identify and
address. Not least of these is cost / benefit, ie how much effort is it
worth to protect what?
Rgds
Denis McMahon
|
|
|