comment on

Is .htaccess the best way of restricting users to a certain directory?

In general, yes. However, if the only thing in the directory is your application's .cgi, you have the option of protecting it with a .htaccess, or via application logic (e.g., a cookie-based login scheme). merlyn has a column that covers the basics of using cookies for login.

A scheme based on .htaccess (or the equivalent in IIS) has the virtue of being relatively easy to set up, though you do have to jump through setuid hoops update passwords via the web.

An application-level scheme has the virtue of flexibility. It allows you to easily set up an n>1 level permission scheme for your users (e.g., distinguishing normal users from admins) without having to spread your application across multiple directories.

Either scheme is vaguely secure. Both will fail if someone is sniffing packets, since both send passwords in the clear.

In reply to Re: Authentication and CGI by dws
in thread Authentication and CGI by chrispoole

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.