HTTP authentication security

My client needs a simple CMS database faster than I can solve the problems and disadvantages associated with globals registration, SQL injection and cookie filtering.

I installed phpMyEdit and secured the edit page with .htaccess. For security experts, does this provide at least a moderate level of security?

+2




3 answers


This is a moderate level of security, yes.

The attack you need to be aware of is a brute force attack where the bad guy tries to use different username and password combinations over and over again. To fix this, you can block the user after n (10 is reasonable) failed login attempts.



There are many ways to customize htaccess files as valid users go, but depending on the source you are using, be extra careful that there are default users or guest types your htaccess might let in.

+1
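The threshold suggested in the answer above (10 failed login attempts) can also serve as a detection rule over the Apache access log. This is an added example, not part of the original answers: the log lines, the `/admin/` path and the name `find_bruteforce` are constructed for illustration, and it assumes Common Log Format in which a failed Basic-auth attempt is logged as a 401 carrying the supplied username.

```python
import re
from collections import defaultdict

# Common Log Format prefix: host ident user [time] "request" status size
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_bruteforce(lines, protected_prefix, threshold=10):
    """Return {ip: sorted usernames tried} for every client that reaches
    `threshold` consecutive failed logins under `protected_prefix`."""
    streak = defaultdict(int)   # consecutive failures per client IP
    tried = defaultdict(set)    # usernames seen in the current streak
    flagged = {}
    for line in lines:
        m = CLF.match(line)
        if not m or not m["path"].startswith(protected_prefix):
            continue
        ip, user, status = m["ip"], m["user"], m["status"]
        if status == "401":
            if user == "-":
                continue        # initial challenge: no credentials were sent
            streak[ip] += 1
            tried[ip].add(user)
            if streak[ip] >= threshold:
                flagged[ip] = sorted(tried[ip])
        elif user != "-":
            streak[ip] = 0      # an authenticated request ends the streak
            tried[ip].clear()
    return flagged

def sample_log():
    """Constructed log lines (documentation IP ranges, hypothetical path)."""
    ts = "[10/Oct/2023:13:55:36 +0000]"
    req = '"GET /admin/edit.php HTTP/1.1"'
    rows = [("198.51.100.20", "-", 401), ("198.51.100.20", "alice", 401),
            ("198.51.100.20", "alice", 200)]
    rows += [("203.0.113.7", u, 401) for u in ["admin", "guest"] * 5]
    return [f"{ip} - {user} {ts} {req} {status} 512" for ip, user, status in rows]

if __name__ == "__main__":
    for ip, users in find_bruteforce(sample_log(), "/admin/").items():
        print(f"{ip}: 10+ consecutive failures, usernames tried: {users}")
```

The usernames collected per flagged client also show whether default or guest account names are being probed, which is the concern raised in the same answer.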




It all comes down to the fact that no one here knows how secure passwords are or if you've hacked in some way. If you need confidence that HTTP authentication works, then yes, it does. There's also more to it than you can configure, so just calling it "htaccess security" is ambiguous. All in all, just make sure you don't leave any parts publicly available and that the passwords are not "123" or "qwerty" and you'll be fine (probably).



+1




I also recommend IP to protect your protected directories or files for admin. Also I can't be ok with automated programs, you just need more practice, you should know about most of the hacking tricks used, just read more and more about SQL injection and so on... Good luck.

+1








