What are the advantages of database files over plain text files for storing user authentication information?


Database files are much more scalable because they can be indexed. This means that Apache does not need to read the file sequentially until a match is found for a particular user, but rather can jump to the exact location.


Can you name some disadvantages of HTTP basic authentication?


One disadvantage is that the information is transmitted in clear text over the network. This means that unless you are using SSL, it is possible for an attacker to read the packets your browser sends to the server and steal your password. Another disadvantage is that HTTP authentication does not provide a means for customizing the login (except the realm name). It is very common for Web sites to implement custom login mechanisms using HTML forms and cookies.
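The clear-text point above, shown as an added example (not code from the original text): the Basic `Authorization` header is only base64-encoded, so anyone who can read the request recovers the password without a key, and a server-side guard can refuse to issue the challenge unless the connection uses SSL/TLS. The function names, the sample user and password, and the request arrays are constructed for illustration; passing the header through as `HTTP_AUTHORIZATION` is an assumption about the server setup.

```php
<?php
// Added example; the user name, password and request arrays are constructed.

// Decode a Basic "Authorization" header value into [user, password], or null.
function parse_basic_authorization(string $header): ?array
{
    // One base64 token follows the case-insensitive scheme name.
    if (!preg_match('/^Basic\s+([A-Za-z0-9+\/]+={0,2})$/i', trim($header), $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true); // strict: reject non-alphabet input
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Only the first colon is the separator; a password may contain colons.
    return explode(':', $decoded, 2);
}

// True when the request arrived over SSL/TLS (PHP sets $_SERVER['HTTPS']).
function request_is_tls(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower((string)$server['HTTPS']) !== 'off';
}

// Decide what to do with a request that may carry Basic credentials.
// The TLS check comes first so no challenge is ever issued on a plain connection.
function check_basic_request(array $server): string
{
    if (!request_is_tls($server)) {
        return 'reject: credentials would cross the network readable';
    }
    $creds = parse_basic_authorization($server['HTTP_AUTHORIZATION'] ?? '');
    return $creds === null ? 'challenge: send 401 with WWW-Authenticate' : 'verify: ' . $creds[0];
}

$header = 'Basic ' . base64_encode('alice:s3cret:with:colons');
echo $header, PHP_EOL;                       // what travels with every request
print_r(parse_basic_authorization($header)); // recovered without any key

echo check_basic_request(['HTTP_AUTHORIZATION' => $header]), PHP_EOL;
echo check_basic_request(['HTTP_AUTHORIZATION' => $header, 'HTTPS' => 'on']), PHP_EOL;
echo check_basic_request(['HTTPS' => 'on']), PHP_EOL;
```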


What function is designed to allow you to set a cookie on a visitor's browser?


The setcookie() function allows you to set a cookie (although you could also output a Set-Cookie header using the header() function).


Practice using the various types of authentication, both server-based and with PHP, on your development server. Get a feel for the differences between basic HTTP authentication and something you devise on your own.
