Authorize via MySql? - GoFuckYourself.com

Jizar II · 08-28-2002, 11:39 AM

We´re working on a new paysite project and thought about authorizing based on html form+MySql instead of .htaccess.. Is this a better method regarding password crackers ect.?
Is there any downsides to this method?

JFPdude · 08-28-2002, 12:02 PM

Htaccess and mod_auth_mysql works great.

Just add the Mod_Auth_mysql modules to apache.

NetRodent · 08-28-2002, 12:10 PM

Authorizing via a database (if it is properly index) is better than .htacess if you have a relatively large number of users. For small user lists, you're probably better off with .htaccess.

As for trying to defeat password crackers, it doesn't make any difference whether you are checking them against a flat file or a database, assuming your database can handle the load.

If you're looking to make life more difficult for the password crackers, you might want to look into the Auth::Cookie module. You can modify that in ways that will make it almost impossible to brute force passwords.

Jizar II · 08-28-2002, 12:17 PM

thank you for the useful info :-)
Another thing that made me think about the database driven Authorization is that I want to give the monthly members access to sections that are non-available for the trial members..

08-28-2002, 11:39 AM	#1
Jizar II Confirmed User Industry Role: Join Date: May 2001 Location: LLL© Posts: 1,425	Authorize via MySql? We´re working on a new paysite project and thought about authorizing based on html form+MySql instead of .htaccess.. Is this a better method regarding password crackers ect.? Is there any downsides to this method?

08-28-2002, 12:02 PM	#2
JFPdude Confirmed User Join Date: Jan 2002 Location: Mountains of Western North Carolina. Posts: 4,027	Htaccess and mod_auth_mysql works great. Just add the Mod_Auth_mysql modules to apache.

08-28-2002, 12:10 PM	#3
NetRodent Confirmed User Join Date: Jan 2002 Location: In the walls of your house. Posts: 3,985	Authorizing via a database (if it is properly index) is better than .htacess if you have a relatively large number of users. For small user lists, you're probably better off with .htaccess. As for trying to defeat password crackers, it doesn't make any difference whether you are checking them against a flat file or a database, assuming your database can handle the load. If you're looking to make life more difficult for the password crackers, you might want to look into the Auth::Cookie module. You can modify that in ways that will make it almost impossible to brute force passwords.

08-28-2002, 12:17 PM	#4
Jizar II Confirmed User Industry Role: Join Date: May 2001 Location: LLL© Posts: 1,425	thank you for the useful info :-) Another thing that made me think about the database driven Authorization is that I want to give the monthly members access to sections that are non-available for the trial members..