HTTP Digest Implementation in PHP

While following leads from Zend’s weekly summary, ran in Thomas Pike’s HTTP Digest Class: – a pure PHP implementation which relies on getallheaders() (i.e. requires Apache as well). Thomas introduces it here on his blog.

PHP comes with built in support for HTTP basic authentication but the problem there is, unless you’re using SSL (https), visitors will be sending passwords in clear text, which could be easily “sniffed” between their browser and your server.

HTTP Digest Authentication is a somewhat more secure mechanism, where, essentially, the server begins by sending a “seed” value to the browser, which the browser then uses to (one way) encrypt the password before sending.

Good to see this finally well-done in PHP.


Category: programming Time: 2004-02-13 Views: 1

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development


Front-end development


development tools

Open Platform

Javascript development

.NET development

cloud computing


Copyright (C), All Rights Reserved.

processed in 0.135 (s). 12 q(s)