Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
.htaccess vs. ignpw for password protection?
i want to put a password around a whole site, but i also want to make sure it’s non-volatile in that i want one login for everyone i give the site out to. so i want to make sure there will be no problems with simultaneous users and that sort of thing. security is less of a concern, more just a simple password but also not giving people access to the txp backend.
which option is better for me?
Offline
Re: .htaccess vs. ignpw for password protection?
.htaccess is a lot faster and perfect for situations like these.
Offline
Re: .htaccess vs. ignpw for password protection?
ok thanks. i was actually able to set up ign password very quickly so i’m wondering why you’d think htaccess is faster? is it cause to lock up lower level content ign password takes more work?
the big advantage to ign password is that it appears like you can leave some parts of the page unprotected which is interesting.
i ask cause i’m building a sort of demo site where i don’t have any second chances with the users. if they get annoyed with the password system they might not ask for help and never come back.Offline
Re: .htaccess vs. ignpw for password protection?
HTTP authorisation works in 2 steps:
1. browser visits a page without sending username/password -> webserver returns a message that the page requires authorisation (causing the browser to show you a login screen).
2. you enter the username/password and again the browser requests the same page, which the webserver now allows you to see.
In step 1, when using .htaccess, the webserver does not have to start up PHP and parse all the Textpattern PHP files, because the authentication already happens before that in .htaccess. That’s what makes it more efficient.
With only a limited amount of requests, it’s not important, but if you get a lot of page hits on protected pages, you’ll notice the difference.
Offline
Re: .htaccess vs. ignpw for password protection?
oh interesting. thanks for clearing that up. i’m also finding that ign password kicks the user out quite frequently. i think htaccess might be the way to go here.
Offline