Chapter 11. Authentication and Security

Many web database applications require restrictions to control user access. Some applications deal with sensitive information such as bank account details, while others only provide information or services to paying customers. These applications need to authenticate and authorize user requests, typically by collecting a username and password that are checked against a list of valid users. As well as authenticating those who have access to a service, web applications often need to protect the data that is transmitted over the Internet from those who shouldn't see it.

In this chapter, we show you the techniques used to build web database applications that authenticate and authorize users and protect the data that is transmitted over the Web. The topics covered in this chapter include:

  • How HTTP authentication works and how it can be used with Apache and PHP

  • Writing PHP scripts to manage user authentication and authorization

  • Authorizing access from an IP address or a range of IP addresses

  • Writing PHP scripts that authenticate users against a table in a database

  • The practical aspects of building session-based web database applications to authenticate users, including techniques that don't use HTTP authentication

  • A case study example that develops an authentication framework, demonstrating many of the techniques presented in this chapter

  • The features of the encryption services provided by the Secure Sockets Layer