Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
JRSweets
Worker
Worker


Joined: Aug 06, 2004
Posts: 192

PostPosted: Fri Oct 29, 2004 1:08 pm Reply with quote

I have a question on how http auth actually works. I was testing something out and placed a phpinfo() file on my site to check to see what version of GD I had. To my suprise I saw my http auth username and password was listed with the rest on my phpinfo.

I then looked at one of the tables sentinel creates and the http auth username and password are stored there as well. In that table the password is stored three different ways plaintext, md5 and crypt. Isn't it bad that the password is stored unprotect in the db?

I guess my other question is exactly how does it work?
 
View user's profile Send private message
GeekyGuy
Client


Joined: Jun 03, 2004
Posts: 302
Location: Huber Heights Ohio

PostPosted: Fri Oct 29, 2004 1:30 pm Reply with quote

From what I understand, HTTP Authentication works outside of PHP Nuke. If will force an authentication at the server level before access to the admin.php is allowed, which then requires it's own authentication thru PHP Nuke.

_________________
"The Daytona 500 is ours! We won it, we won it, we won it!", Dale Earnhardt, February 15th, 1998, Daytona 500 
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger MSN Messenger ICQ Number
JRSweets
PostPosted: Sat Oct 30, 2004 11:52 pm Reply with quote

So the only reason its stored in the DB is so you can easily change it?
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sun Oct 31, 2004 12:20 am Reply with quote

No. That is a caveat. It has to be stored in order to compare it to the browser auth window when you are promted to input the user an password, just like the nuke login screen.
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©