PHP and MySQL Authentication and SecurityPHP and MySQL - Authentication and Security
Authentication and Security
HTTP Authentication
How HTTP Authentication Works
Using Apache to Authenticate
HTTP Authentication with PHP
Access to User Credentials from PHP
Managing HTTP Authentication with PHP
Authorizing User Access
Limits placed on IP addresses
Authentication Using a Database
MySQL encryption
Encrypting other data in a database
Web Database Applications and Authentication
Building Stateless Applications
Building Session-Based Applications
Forcing users to a login page
Authenticating without HTTP
Session hijacking
Recording IP addresses to detect session hijack attempts
Case Study: Customer Authentication
Login page
Authentication script
Logout script
Authorizing other requests
Protecting Data on the Web
The Secure Sockets Layer Protocol
SSL architecture
Cipher suites
SSL sessions
Certificates and Certification Authorities
In this tutorial we discuss the techniques used to build web database
applications that authenticate, authorize, and protect the data that
is transmitted over the Web. The topics covered in this tutorial
include:
- How HTTP authentication works and how it can be used with Apache and PHP
- Writing PHP scripts to manage user authentication and authorization
- Writing PHP scripts that authenticate users against a table in a database
- The practical aspects of building session-based web database applications to authenticate users, including techniques that don't use HTTP authentication
- A case study example that develops an authentication framework, demonstrating many of the techniques presented in this tutorial
- The features of the encryption services provided by the Secure Sockets Layer