I brought this issue up in the past, and the discussion quickly narrowed into an attempt to help me get a PHP script to work. Now, I am revisiting the issue of web security to get more widespread advice. First, let me explain my needs: I'd like to secure my website, and I only need it accesible to one person (me). I have technical data that I need to access on a regular basis. For various reasons, I chose to go the HTML-Web route rather than simply setting up a file server from which to download.
That said, I'd like to protect the site from outside eyes. In
Phil Sherry's (Excellent) Book , I have read of at least two levels of security: one is to use .htpasswrd, and the other is to enable the _SSL module in an Apache server. I know of a third method which I have already done in the past: I bought a PHP app that turns each page into a php file, and the app uses a mysql database to grant or deny access.
Here's where I need advice: which method do folks recommend? While I already know how to use the PHP method- it requires a little work in that I have to paste code into every page, etc. It's not a huge deal, but it requires advanced planning, so that I do not have to go back and do it later.
On the other hand, the .htpasswrd seems to be the most simple method. And, the https method (using SSL) seems to be the most secure. I read about how to enable SSL on my mac, but it seems to involve several steps.
Given my needs, I was wondering what people think about the pros and cons of the above three methods. Any advice is appreciated.
Top
