Page is a not externally linkable
-- New To Web Development
---- most secure method of password protect
cameraman - 7:58 pm on Mar 29, 2007 (gmt 0)only send the password once per session
With htaccess basic authentication, the user name and password are sent with each request to the server. Anyone sniffing packets can pick up the credentials with any of those requests.
With php you can combine SSL and session management to:
store the password in encrypted (md5,sha1,etc) form
time out the session on inactivity so the user has to be revalidated
if you know your users have static IP addresses you can check each page request to make sure that it doesn't suddenly inexplicably change
log page modifications' time, ip, username, etc.
force periodic password changes
evaluate password strength and/or enforce strong password rules
Using php or some other scripting language opens up the possiblities tremendously, and you can tighten up security by a significant degree.
Thread source:: http://www.webmasterworld.com/new_web_development/3296672.htm
Brought to you by WebmasterWorld: http://www.webmasterworld.com