Further Reading
You can find a good introduction to using HTTP Basic Authentication in PHP in Luke Welling and Laura Thomson's PHP and MySQL Web Development. The standard for Basic Authentication is set in RFC 2617 (www.ietf.org/rfc/rfc2617.txt).
The explanation of using cookies in the PHP online manual is quite thorough, but if you have unanswered questions, you can check out RFC 2109 (www.ietf.org/rfc/rfc2109.txt) and the original Netscape cookie specification (http://wp.netscape.com/newsref/std/cookie_spec.html).
No programmer's library is complete without a copy of Bruce Schneier's Applied Cryptography, which is widely regarded as the bible of applied cryptography. It is incredibly comprehensive and offers an in-depth technical discussion of all major ciphers. His later book Secrets and Lies: Digital Security in a Networked World discusses technical and nontechnical flaws in modern digital security systems.
An open-source single signon infrastructure named pubcookie, developed at the University of Washington, is available at www.washington.edu/pubcookie. The single signon system discussed in this chapter is an amalgam of pubcookie and the Microsoft Passport protocol.
An interesting discussion of some risks in single signon systems is Avi Rubin and David Kormann's white paper "Risks of the Passport Single Signon Protocol," available at http://avirubin.com/passport.htm.
| 