1st_Time_for_Me
07-26-2001, 06:41 PM
Please help a newbie setup a *secure* members-only site on the web!! - Unfortunately, I have been assigned that duty ;(
What is the *best* and *Most secure* way to setup a *password* protected URL - which is resitant to password traders and hurlers, and (optionally) ideally includes password expirations capability, etc.
Should we use >>.htaccess<< or _not_even_bother - and use another scheme instead (maybe MySQL & PHP script)?
Is there a script, or service which is secure that we can implement?
Here is what our server is setup with:
1. Apache/1.3.20 (Unix) (Red-Hat Linux 6.22)
2. mod_watch/2.0
3. mod_throttle/3.1.2
4. mod_gzip/1.3.19.1a
5. mod_auth_pam/1.0a
6. mod_ssl/2.8.4
7. OpenSSL/0.9.6a
8. PHP/4.0.6
9. mod_perl/1.25 on Linux.
Thanks in advance!!
P.S. We prefer/need full logs of username/password accesses, with time and date, etc., and the ability to block or ban certain ip's and/or usernames/email addresses, whether temporarily or permanently. We
recently (yesterday) heard of 'phpsecurepages' - is this maybe a good option for us?
What is the *best* and *Most secure* way to setup a *password* protected URL - which is resitant to password traders and hurlers, and (optionally) ideally includes password expirations capability, etc.
Should we use >>.htaccess<< or _not_even_bother - and use another scheme instead (maybe MySQL & PHP script)?
Is there a script, or service which is secure that we can implement?
Here is what our server is setup with:
1. Apache/1.3.20 (Unix) (Red-Hat Linux 6.22)
2. mod_watch/2.0
3. mod_throttle/3.1.2
4. mod_gzip/1.3.19.1a
5. mod_auth_pam/1.0a
6. mod_ssl/2.8.4
7. OpenSSL/0.9.6a
8. PHP/4.0.6
9. mod_perl/1.25 on Linux.
Thanks in advance!!
P.S. We prefer/need full logs of username/password accesses, with time and date, etc., and the ability to block or ban certain ip's and/or usernames/email addresses, whether temporarily or permanently. We
recently (yesterday) heard of 'phpsecurepages' - is this maybe a good option for us?