Better than .htaccess would you use it?
 

If there were an amazing hack proof system that can replace .htaccess for protecting members areas would you buy it?

The reason that I ask is that there is a better way, and a program has been custom written to do it, the next step is to interface it with ccbill and ibill.

What would you pay for it?

There are several better ways, my friend.

Use PHP sessions like I do, and all your problems will be solved...


Combine it with HTTPS, and nobody will fuck you over again.

Got any details on this? Would like to find out more!

Its better than that, it has way more features.

Buy yourself a SSL license and use that only with the login (HTTPS).

After the login you can serve normal HTTP to the IP that signed in rightfully through HTTPS.

Works like a charm for me... for months now.

With this program you dont need to go through all of that, in fact when it is finished I am betting that a big player like iBill or CCBill will want to license it.

Thanks:thumbsup

Not sure why you're thinking a payment processor would want to license something like that... my hunch: if you're putting a better GUI-based interface on it or adding something to make the process less technical, you might be able to license it to a few n00b paysite webmasters or something. But let's face it, sessioning is good enough, and ain't all that hard... :2 cents:
<br>

The only problem with sessions is that the underlying content (images, videos etc) are still accessible. Sessions only protect HTML/PHP files.

Sure, you can put HTTP_REFERER protection in, but we all know how easy it is to spoof referrers.

Fortunately, there's a solution to this.

Addition: SSL is *NOT* the solution. It's very CPI-intensive.. if you're doing ANY kind of traffic, you're going to be bogged down, even if you've got an SSL accelerator card.

So, your saying the php sessions are hack proof?
What I am talking about is a system that prevents hackers from getting into a system such as .htaccess which I am sure 90% of webmasters use.

As I stated before :

You only use the SSL for the login screen...


PHP sessions can be made 100% secure, yes.

Not only HTML files, you can show your pics like pic.php?pic=123

That sounds like a lot of work, I will check it out though.

That makes sense.

Quote:

PHP sessions can be made 100% secure, yes. Not only HTML files, you can show your pics like pic.php?pic=123

True, but that means you've got to have all the graphics files OUTSIDE the DOCUMENT_ROOT directory, and the PHP file needs to load the graphics file and dump it out. Very slow and very inefficient.

There's a different way that doesn't involve having to change all the links - it's "transparent" to the file structure.

my opinion is that there are some serious security flaws with both ccbill and ibill.

they need to do something and soon. there are forums that tell surfers how to hack into paysites:

notably:

phatforums (and others, mostly russian) if you watch your stats carefully you will see them getting in.

proxypass does not kill it because they are getting in without authentication (i believe)

you cannot block it with simple .htaccess refusals, we need something better right now!

You haven't even tried it. You sound hypothethical.

I let PHP handle ALL http (html + php files) and use Zend Optimizer.

Quote:

There's a different way that doesn't involve having to change all the links - it's "transparent" to the file structure.

Are you lazy ?


You sound like you want to keep everything as it is, and some magic stick will help you out.

Believe me, I've tried all the other options, like JSP, Kernel hacks, A custom Apache module, and PHP sessions + SSL, and guess : this works.

Now get of your lazy butt and pay a good coder to take care.