Skip to main content

Posts

Showing posts with the label Limitations of File-Based Authentication

File-Based Authentication

Using file-based authentication can eliminate the single username and password problem of the hard-coded solution; however, there can still be limitations that must be considered in implementing this authentication solution. The first things that needs to be created when using this solution to authentication is to create a users text file. This file should be located in a directory that is not in or under the htdocs directory of the web server (to eliminate someone being able to access the file through the website). It also needs to be in a directory that the server can read and write from. For the example below, the /tmp directory will be used; however, in production this directory should not be used because it is cleaned out every time the server restarts and is easily accessible to anyone who can access the server. The Users Text File The following is the contents of the /tmp/auth_users.txt file: Candance:90e0b2ef171cf8edd7f58527f3134f634ccb7091 Celine:44c40e17b33ee3f