mod_auth_mysql or mysql usernames and passwords?
am 08.02.2006 20:10:58 von marc.wyburn
I'm writing a web app that needs a login page. I'm doing the dev on a
windows box although the final version will go on a Linux box. I can't
find any versions of mod_auth_Mysql precompiled for windows and have no
idea about compiling c.source on windows (or anything to do it with).
Is there a good reason I shouldn't store hashed password in MySQL and
call them from Python scripts instead of using the apache auth module
directly?
Thanks for your time, Marc.
Re: mod_auth_mysql or mysql usernames and passwords?
am 08.02.2006 22:54:55 von Bill Karwin
wrote in message
news:1139422831.101280.110990@f14g2000cwb.googlegroups.com.. .
> Is there a good reason I shouldn't store hashed password in MySQL and
> call them from Python scripts instead of using the apache auth module
> directly?
That's what I do when writing web apps. One good reason to do this is that
your web app probably needs to offer users the ability to log out. Any
solution using mod_auth_* (regardless of whether the passwords are stored in
MySQL, htpasswd file, LDAP, etc.) has the problem that it uses HTTP
authentication. Most browsers offer no way to log out when using HTTP
authentication, without closing the browser.
Rolling your own login/logout system, or using one provided for you by a web
application framework, offers more flexibility, and enables you to do things
that basic HTTP authentication can't do.
In MySQL, I recommend using the MD5 function to store hashes of passwords.
Don't use the PASSWORD function; this is intended only for use by the MySQL
account system.
Regards,
Bill K.