View Poll Results: Which is more secure?

**Galen** · 02-11-2007, 10:22 AM

I'm curious to see the responses I get to this here. Everybody seems to have thier own opinion.

Which is more secure: Apache's http_authentication or a well-written login system of one's own design (using salt, multple md5, etc.)?

Vote, discuss....

**Vin DSL** · 02-11-2007, 10:50 AM

Are you kidding?

Basic Auth sucks!

**Smo** · 02-11-2007, 11:06 AM

I've always been under the impression that HTTP auth is more secure. but it's not as felxible as a custom made login system.

Ofcourse I'm a n00b so my impressions are irrelevant

**Vin DSL** · 02-11-2007, 11:56 AM

Let's put it this way...

Can you name one major e-commerce site that uses HTTP authentication?

**Rob** · 02-11-2007, 12:39 PM

Sessions are much much more secure than HTTP Auth

**Connie** · 02-11-2007, 12:49 PM

Can you name one major e-commerce site that uses HTTP authentication?

How would the average user know?

I think akin to that. How would the average site owner know whether the authentication was
was http or sessions?

I could be wrong. I often am, but it appears to me the topic is drifting off from the original question.

**the_ancient** · 02-11-2007, 12:56 PM

Originally Posted by Connie

How would the average user know?

I think akin to that. How would the average site owner know whether the authentication was
was http or sessions?

I could be wrong. I often am, but it appears to me the topic is drifting off from the original question.

Aside from the Stupid Alert box that Basic Auth Uses vs the HTML Form most session based system use

**Connie** · 02-11-2007, 02:38 PM

Aside from the Stupid Alert box that Basic Auth Uses vs the HTML Form most session based system use

Never saw a stupid alert box that I know of on any site. Not sure what you are referring to?

**Galen** · 02-11-2007, 02:59 PM

Connie, when you log into your cPanel, you get the stupid alert box. That's http auth. When you log into your Jag client section, you use an html form. That's session based.

Hmm... could I get some specific reasons as to why one is better than the other? What makes sessions better? Other than the ability to customize, I mean. That's obvious

**Vin DSL** · 02-11-2007, 04:33 PM

Originally Posted by Connie

How would the average user know?

Duh!

Basic Auth is supposed to include all kinds of warniings about passing passwords in the the clear, and so forth, and so on...

n/m

You've probably (summarily) told MSIE not to send you these warning messages in the future...

[Removed text]

**the_ancient** · 02-11-2007, 04:49 PM

Originally Posted by Vin DSL

Gawd! I'm surrounded by [removed]...

only if your surrounded my mirrors

**Vin DSL** · 02-11-2007, 04:54 PM

Originally Posted by the_ancient

only if your surrounded my mirrors

Good come-back!

What's wrong with your Shift-key?

**Connie** · 02-11-2007, 05:27 PM

How about no more name calling?

Every question, and every response should be respected by other members of the forum IMHO.

Just because someone is not at your particular skill level does not make them less intelligent.