
PHPMaster.com:
Understanding HTTP Digest Access Authentication
May 21, 2013 @ 12:09:02

On PHPMaster.com they've posted a new tutorial by Sean Hudgston that helps you understand HTTP digest authentication, a simple way to authenticate a user or script against your application.

Digest Access Authentication is one method that a client and server can use to exchange credentials over HTTP. This method uses a combination of the password and other bits of information to create an MD5 hash which is then sent to the server to authenticate. Sending a hash avoids the problems with sending a password in clear text, a shortfall of Basic Access Authentication.

He starts out by looking at the "basic authentication" mechanism that's built into most web servers and points out that it has a major flaw: it sends the username/password in (pretty much) plain text. Digest, on the other hand, uses an MD5 hash created from a few pieces of information including username, realm and request method. The result is sent as a header back to the server, where it can be parsed by PHP. He also talks about improving on the basic version of the digest method using the optional qop, nc, and cnonce parameters.


Link: http://phpmaster.com/understanding-http-digest-access-authentication

Evert Pot's Blog:
HTTP Basic and Digest authentication with PHP
February 13, 2009 @ 12:06:02

Validating users can be a complicated thing but, depending on what you're trying to protect, you may not need an entire user validation and management system to keep it all straight. Evert Pot offers information on using PHP with a good old standby technology - HTTP basic and digest authentication.

HTTP authentication is quite popular for web applications. It is pretty easy to implement and works for a range of http applications; not to mention your browser.

He includes two scripts - one to force the Basic form of authentication (the password is passed over in clear-text) and one for the Digest method (the password is sent over as a hash) - and shows how to check the values sent back for each. Obviously, the Digest method takes a little more doing and requires compiling a few different keys into an MD5 hash to ensure that the user is valid.



PseudoCoder.com:
CakePHP Digest #5
January 13, 2009 @ 09:39:53

On his PseudoCoder.com blog Matt has posted the fifth edition of the CakePHP Digest - summing up recent CakePHP-related news into one neat package.

This is my third digest and for the first time there isn't a clear lead story. I was going to go with gwoo's message that CakePHP 1.2 had received close to 25k downloads in the first 6 days of its release. That works out to 1.5 million downloads extrapolated over a full year. Actual download rate will likely taper off - I just wanted to use the word extrapolate.

Other topics mentioned include:

  • Daniel Hofstetter's framework free agency
  • Discussions about whether to accept bugs without test cases
  • An article on building The Bakery
  • Comparisons to Symfony and the Yii frameworks
  • Lots of new content in The Bakery


Paul James' Blog:
HTTP Authentication with HTML Forms
June 20, 2006 @ 06:02:45

In this new tutorial on Paul James' blog, they spotlight a method for authentication on your site using the traditional HTTP authentication method, but with the customizable frontend of an HTML form.

The main reason people walk away from using HTTP authentication is that they want control over the look of the login form and most browsers display an awful looking dialog box. So what we need is a way for HTML forms to pass HTTP auth data when it's submitted. The HTML spec provides HTML forms as a way to create queries and to POST urlencoded data to a URL, but can we subvert it?

They show that, with the help of some simple JavaScript, it can be accomplished. They give a code example to make it all work, including a bit of PHP code to validate the submitted data against two predefined constants. They also include another method, using HTTP Digest, to authenticate without the need to send the login information to the server in plain text.





All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework