堆栈内存溢出
  简体   繁体   English

.htaccess代替用户名密码保护

[英].htaccess instead of username password protection

 原文  2013-02-21 20:56:32       php/ apache/ .htaccess/ security

问题描述

I am just coding a small website with an admin panel. 我只是用管理面板编写一个小型网站。 Since I am going to be the only one who will access that panel I was thinking instead of making traditional username - password matching just make simple .htaccess file to admin folder as 由于我将是唯一可以访问该面板的人,因此我在考虑将传统的.htaccess文件简化为admin文件夹,而不是进行传统的用户名和密码匹配, 

 <Limit GET POST>
 order deny,allow
 deny from all
 allow from myip
 allow from 127.0.01
</Limit>

So the question is since my ip is static. 所以问题是因为我的IP是静态的。 This kind of protection will be secure or do I have to do it with username - password matching ? 这种保护将是安全的,还是我必须通过用户名和密码匹配来做到这一点?

Also if the idea is logical but .htaccess needs more additions what would they be ? 同样,如果这个想法是合乎逻辑的,但是.htaccess需要更多的添加,它们将是什么?

3 个解决方案

解决方案1
 3 已采纳  2013-02-21 21:12:38

Restricting by IP is a perfectly valid alternative to protecting with a password, but less flexible for access. 通过IP限制是用密码保护的一种完全有效的替代方法,但访问灵活性较差。

If you use SSL then you could implement SSLRequire to make things more flexible whilst still "password-less" (note issue with threaded MPM). 如果使用SSL,则可以实现SSLRequire以使事情更加灵活,同时仍然“无密码”(请注意线程MPM的问题)。

However, for the small amount of effort that it would take to implement password protection using HTTP authentication I would argue that you should be as secure as possible. 但是,通过使用HTTP身份验证来实现密码保护所需的工作量很少,我认为您应该尽可能地安全。 Even if it is a personal website, it can still be hijacked and used to send SPAM, etc. 即使是个人网站,它仍然可以被劫持并用于发送垃圾邮件等。

解决方案2
 1  2013-02-21 21:00:05

Syntax is like this: 语法如下: 

<Limit GET POST>
 order deny,allow
 deny from all
 allow from 1.2.3.4
 allow from 127.0.01
</Limit>

It should be secure but keep in mind that if some one from the same server tries to access you web pages then with 127.0.0.1 IP it is no longer protects your pages. 它应该是安全的,但请记住,如果来自同一服务器的某人试图访问您的网页,则使用127.0.0.1 IP的它将不再保护您的网页。

解决方案3
 1  2013-02-21 21:00:36

What about order? 订单呢? 

order deny,allow
deny from all
allow from 127.0.0.1

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 .htaccess密码保护损坏 - .htaccess password protection broken .htaccess带有ip块的密码保护 - .htaccess password protection with ip block 捕获.htaccess用户名和密码? - catch .htaccess username and password? 没有.htaccess的安全目录密码保护 - Secure directory password protection without .htaccess 从.htaccess中排除密码保护中的一个文件 - Exclude one file from password protection in .htaccess .htaccess密码保护拒绝来自请求uri - .htaccess password protection deny from request uri .htaccess密码保护破坏了WP / Twitter提要 - .htaccess password protection breaks WP/Twitter feeds 如何发送用户名/密码到htaccess? - How to send username/password to htaccess? 自动验证htaccess(401)用户名密码登录 - Auto authenticate a htaccess (401) username password login 使用 PHP 应用 .htaccess 文件夹用户名/密码 - Applying .htaccess folder username/password with PHP
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM