Skip to main content

Hard-Coded Authentication

This is the simplest PHP authentication to implement but has the problem of being limited on flexibility
and high on maintenance cost. It literally places the username and password into the script as seen in the
following example:


<?php
if (($_SERVER['PHP_AUTH_USER'] != 'root') ||
($_SERVER['PHP_AUTH_PW'] != 'training')) {
header('WWW-authenticate: Basic Realm="Photo Album"');
header('HTTP/1.0 401 Unauthorized');
print "You must provide a valid username and password!";
exit;
}
// Remainder of script
?>

In this example, the first portion of the script reads in the username and password variables. If the variables
do not match the hard-coded user name or password, then the script prints out some HTTP header
information and text saying that the username and/or password was not valid. It then exits the script and
terminates the rest of the script processing. If, though, the username and password are correct, this portion
of the script is ignored and the remainder of the script is executed.

Limitations of Hard-Coding

Although this method is quick and easy, it has a number of drawback that make it unrealistic for
applications in production.

• Using the same username - As the code stands, every user requiring access to this web page would
need to use the same login name and password. This is not the way most applications in production
work. The majority of applications in production use the username to provide specific preferences
and specific access to resources that could not be done if everyone is using the same username. Of
course, additional usernames and passwords could be coded in, but that is just nonsensical and leads
to poor coding techniques.

• Maintenance nightmare - If the username and password are compromised, a new username and
password have to be hard-coded in and everyone using that username and password have to be
notified of the change. Anytime that code has to be touched leads to the greater likelihood that
something else could be inadvertently changed causing the script to malfunction. Avoiding touching
code in production is a best practice for reliability of services.
Labels:

Comments

Post a Comment

Popular posts from this blog

PHP INTRODUCTION

                     PHP  (recursive acronym for  PHP: Hypertext Preprocessor ) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP stands for  P HP:  H ypertext  P reprocessor PHP is a server-side scripting language, like ASP PHP scripts are executed on the server PHP supports many databases (MySQL, Informix, Oracle, Sybase, Solid, PostgreSQL, Generic ODBC, etc.) PHP is an open source software PHP is free to download and use Why PHP? PHP runs on different platforms (Windows, Linux, Unix, etc.) PHP is compatible with almost all servers used today (Apache, IIS, etc.) PHP is FREE to download from the official PHP resource:  www.php.net PHP is easy to learn and runs efficiently on the server side What can PHP do? Anything. PHP is mainly focused on server-side scripting, so you can...
6 comments
Read more

MySQL General Architecture

        MySQL operates in a networked environment using a client/server architecture. In other words, a central  program acts as a server, and various client programs connect to the server to make requests. A MySQL  installation has the following major components: MySQL Server, Client programs and MySQL non client  utilities.  MySQL Server MySQL Server, or mysqld, is the database server program. The server manages access to the actual  database (schema) on disk and in memory. MySQL Server is multi-threaded and supports many  simultaneous client connections. Clients can connect via several connection protocols. For managing  database contents, the MySQL server features a modular architecture that supports multiple storage engines  that handle different types of tables (for example, it supports both transactional and non-transactional  tables). Keep in mind the difference between a server and a host. The server is s...
1 comment
Read more

MySQL Query Browser

     MySQL Query Browser is a cross-platform GUI client program that's intuitive and easy to use. It provides a graphical interface to the MySQL server for querying and analyzing data. The MySQL Query Browser provides a Connection dialog that enables a connection to a MySQL server. This section describes how to use the Connection dialog and the Main Query Browser GUI. Using the Connection Dialog MySQL Query Browser presents a Connection dialog when it starts or when the New Instance Connection … is selected from the File menu. Connecting to a MySQL server can be accomplished either by filling in the connection dialog box fields with the parameters required to connect to a server or selecting from among any predefined connection profiles. Connection Dialog Window:                To connect to a MySQL server by specifying connection parameters directly, fill in the  appropriate fields beginning with the ...
Post a Comment
Read more