Supporting each other

Community forums

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC:

Static Authentication 9 years 1 month ago #26

  • trochford
  • trochford's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • MAXOS Developer
  • Posts: 9
  • Thank you received: 0
Could the static credentials be hived off into a separate text file so they can be maintained without the potential of breaking the php. There are many situations where this will be the best solution, e.g. in Adult & Community Learning, where a central directory of users is not maintained. The text file would then be 'included' in static.php.

Please Log in or Create an account to join the conversation.

Static Authentication 8 years 11 months ago #408

  • jjs
  • jjs's Avatar
  • Offline
  • Moderator
  • Moderator
  • Posts: 391
  • Thank you received: 69
Hi Thomas,

Sorry, just looking through some questions that have been sitting unanswered for a while and came across this...

The problem I see would be that a plain text file could be reached and would be displayed by a browser. Whilst an incorrectly formatted PHP file usually breaks the page, it does give immediate indication that something isn't right and therefore login details 'probably' wouldn't show...

I wouldn't generally recommend storing plain passwords in a text file like this and would never use it on a production server. I think the best option would be to use the Db authentication in most instances where at least the passwords are hashed and provide some security...

John

Please Log in or Create an account to join the conversation.

  • Page:
  • 1
Moderators: jjs
Time to create page: 0.047 seconds
Copyright © 2022 The Xerte Project.
Xerte logo Apereo logo OSI Logo

Search