Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

htaccess password protect website

Status
Not open for further replies.

tyutghf

Technical User
Apr 12, 2008
258
GB
My company wish to place a section of the intranet on our external server and only allow staff access.

They are happy with one password for all users which they will change every month so htaccess is probably a good option for this.

What they are worried about is security of this section, they are adamant they want it external so staff can access from anywhere but prevent it being hacked.

I've searched but not found an answer to htaccess password protection security. Could I ask some questions please?

1. Will htaccess password protection simply allow a user to brute force it or will it prevent access after say 3 failed tries?
2. Does it request the password on each visit or can we use cookies to remember a user (expires 30 days)
3. Is htaccess the best route for this or should I create a php login form?

Thanks
 
Hi

Actually "htaccess password protection" is called HTTP Authentication, you may find more relevant documentation with that name. There are actually two such authentication methods, the basic and the digest, but none of them uses cookies. And as far as I know, there is no way to limit the authentication's validity. And neither the maximum failed login attempts. HTTP authentication is handled by the browser and credential once entered, the browser will just send it with each request for basic and each time the server requires for digest method.

HTTP authentication is great for protecting static content. Easy, cheap, includes authenticated user name in logs, successfully handled by download tools. But it may be too rigid for certain cases.


Feherke.
feherke.ga
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top