Web Database Applications and Authentication

So far in this chapter we have presented techniques that control access to resources—in particular, PHP scripts—based around HTTP authentication. The simplest technique discussed so far is to configure Apache to perform the authentication and authorization. For greater flexibility, we have described how PHP can manage the authentication process, allowing scripts to apply whatever logic is required to meet the authorization needs.

In this section we discuss issues of building web database applications:

  • Examining why HTTP authentication works well with stateless applications

  • Showing how a stateful application might manage HTTP authentication and the issues that are faced when building session-based web database applications

  • Discussing some reasons why HTTP authentication may not be suitable for all applications

  • Developing an authentication framework that can be used in a web database application illustrating the techniques presented in this section and earlier in this chapter

Building Stateless Applications

HTTP authentication is particularly well suited to stateless applications. HTTP authentication protects sets of resources, or realms, by challenging requests that don’t contain authenticated credentials. We described the HTTP authentication process at the beginning of this chapter. Once an authenticated set of credentials has been collected for a realm, the user can browse the resources protected by that realm. For example, a web site ...
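The stateless challenge described above can be handled by a PHP script that re-checks credentials on every request and keeps no session. This is an added example, not code from the book; the realm name, the user table, and the helper names `stored_hash` and `authenticate` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const REALM = 'Example Realm'; // hypothetical realm name

// Constructed user store; a real application would read hashes from its database.
// Returns [hash, known]; unknown users get a dummy hash so both paths cost the same.
function stored_hash(string $user): array
{
    static $users = null, $dummy = null;
    if ($users === null) {
        $users = ['alice' => password_hash('constructed-password', PASSWORD_DEFAULT)];
        $dummy = password_hash('unused', PASSWORD_DEFAULT);
    }
    return isset($users[$user]) ? [$users[$user], true] : [$dummy, false];
}

// Returns the authenticated user name, or null when credentials are missing or wrong.
// PHP fills PHP_AUTH_USER / PHP_AUTH_PW from the request's Authorization header.
function authenticate(array $server): ?string
{
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return null;
    }
    [$hash, $known] = stored_hash($user);
    $ok = password_verify($pass, $hash); // always runs, even for unknown users
    return ($ok && $known) ? $user : null;
}

// No session state: every request is authenticated on its own.
$user = authenticate($_SERVER);
if ($user === null) {
    // Challenge the browser; it will resend the request with credentials for this realm.
    header('WWW-Authenticate: Basic realm="' . REALM . '"');
    http_response_code(401);
    exit("Authentication required\n");
}

echo 'Hello, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . "\n";
```

Because the browser sends the Basic credentials with every request to the realm, the script should only be served over HTTPS.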
