HTTP Digest Implementation in PHP

While following leads from Zend’s weekly summary, ran in Thomas Pike’s HTTP Digest Class: http://www.xiven.com/sourcecode/digestauthentication – a pure PHP implementation which relies on getallheaders() (i.e. requires Apache as well). Thomas introduces it here on his blog.

PHP comes with built in support for HTTP basic authentication but the problem there is, unless you’re using SSL (https), visitors will be sending passwords in clear text, which could be easily “sniffed” between their browser and your server.

HTTP Digest Authentication is a somewhat more secure mechanism, where, essentially, the server begins by sending a “seed” value to the browser, which the browser then uses to (one way) encrypt the password before sending.

Good to see this finally well-done in PHP.

Replay

Category: programming Time: 2004-02-13 Views: 1
Tags:

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development

search

Front-end development

Database

development tools

Open Platform

Javascript development

.NET development

cloud computing

server

Copyright (C) avrocks.com, All Rights Reserved.

processed in 0.135 (s). 12 q(s)