Chapter 11. Authentication and Security
Many
web database applications require restrictions to control user
access. Some applications deal with sensitive information such as
bank account details, while others only provide information or
services to paying customers. These applications need to authenticate
and authorize user requests, typically by collecting a username and
password that are checked against a list of valid users. As well as
authenticating those who have access to a service, web applications
often need to protect the data that is transmitted over the Internet
from those who shouldn't see it.
In this chapter, we show you the techniques used to build web
database applications that authenticate and authorize users and
protect the data that is transmitted over the Web. The topics covered
in this chapter include:
How HTTP authentication works and how it can be used with Apache and
PHP Writing PHP scripts to manage user authentication and authorization Authorizing access from an IP address or a range of IP addresses Writing PHP scripts that authenticate users against a table in a
database The practical aspects of building session-based web database
applications to authenticate users, including techniques that
don't use HTTP authentication A case study example that develops an authentication framework,
demonstrating many of the techniques presented in this chapter The features of the encryption services provided by the Secure
Sockets Layer
|
