Chris Shiflett <mailto:[EMAIL PROTECTED]>
    on Monday, December 08, 2003 5:17 PM said:

> The only risk is forgetting to add this check, since I
> assume you mean that you have to copy/paste this into every script.
> You might want to consider whether you can design your application in
> such a way that you can have a more centralized way to enforce
> authorization.

This is what I tried to do with my second example. I thought it to be an
improvement because it was merely one function call and not an if..else
construct. Any comments on that?


> The one thing I would definitely consider doing differently is the
> redirect. You could, instead, just include the logic necessary for the
> login page, so that you avoid the superfluous transaction.

Is this comment from a security standpoint or an efficiency issue?


>> As far as better ways go I was thinking that maybe I could employ
>> .htaccess somehow?
> 
> Yes, and you can use a database like you're wanting. There is existing
> code to help you do this. However, this implements HTTP
> authentication, which has the little popup window. This is fine, but
> some people might perceive this as being unprofessional, so you might
> want to keep your audience in mind.

Ewww.. no I don't want to do that.


And to olinux, yes I will check Google! :)



Chris.
--
Don't like reformatting your Outlook replies? Now there's relief!
http://home.in.tum.de/~jain/software/outlook-quotefix/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
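
The two suggestions quoted in this message (one central place that enforces authorization, and showing the login page in the same response instead of redirecting) can be combined in a single entry script. This is an added example, not code from the thread; the route table, page names and the shape of $_SESSION['user'] are assumptions.

```php
<?php
declare(strict_types=1);
// index.php: the only script the web server exposes (hypothetical layout).
// Every page is declared once; a page without 'public' => true requires
// a login, so forgetting a flag fails closed instead of open.
const ROUTES = [
    'home'    => ['handler' => 'page_home', 'public' => true],
    'account' => ['handler' => 'page_account'],
    'admin'   => ['handler' => 'page_admin', 'role' => 'admin'],
];

function page_home(?array $user): string { return "Welcome\n"; }
function page_account(?array $user): string {
    return 'Account of ' . htmlspecialchars($user['name'], ENT_QUOTES) . "\n";
}
function page_admin(?array $user): string { return "Admin console\n"; }

// Login form rendered in the same response: no redirect round trip.
function page_login(string $wanted): string {
    return 'Log in to view ' . htmlspecialchars($wanted, ENT_QUOTES) . "\n";
}

// The single place where authorization is decided. Returns [status, body].
function dispatch(string $page, ?array $user): array {
    $route = ROUTES[$page] ?? null;
    if ($route === null) {
        return [404, "Not found\n"];
    }
    if (empty($route['public'])) {
        if ($user === null) {
            return [200, page_login($page)];
        }
        if (isset($route['role']) && ($user['role'] ?? '') !== $route['role']) {
            return [403, "Forbidden\n"];
        }
    }
    return [200, $route['handler']($user)];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests so the file runs offline: php index.php
    $alice = ['name' => 'alice', 'role' => 'user'];
    foreach ([['account', null], ['account', $alice], ['admin', $alice]] as [$p, $u]) {
        [$status, $body] = dispatch($p, $u);
        echo "$p => $status $body";
    }
} else {
    // Assumes the login code stored an array like $alice in the session.
    session_start();
    $page = is_string($_GET['page'] ?? null) ? $_GET['page'] : 'home';
    [$status, $body] = dispatch($page, $_SESSION['user'] ?? null);
    http_response_code($status);
    echo $body;
}
```

Because page handlers are only reachable through dispatch(), a new page cannot skip the check by omission; the handler files themselves should live outside the document root so they cannot be requested directly.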
