By Harry Fuecks

HTTP Digest Implementation in PHP


While following leads from Zend’s weekly summary, I ran into Thomas Pike’s HTTP Digest Class: http://www.xiven.com/sourcecode/digestauthentication – a pure PHP implementation which relies on getallheaders() (i.e. requires Apache as well). Thomas introduces it here on his blog.

PHP comes with built-in support for HTTP basic authentication, but the problem there is that, unless you’re using SSL (https), visitors will be sending passwords in clear text, which could easily be “sniffed” between their browser and your server.

HTTP Digest Authentication is a somewhat more secure mechanism, where, essentially, the server begins by sending a “seed” value (the nonce) to the browser, which the browser then combines with the password in a one-way hash before sending, so the password itself is never transmitted.

Good to see this finally well-done in PHP.
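The exchange described above, worked through in code as an added example that is not from the original post or from Thomas Pike's class: it checks a browser's Digest response on the server side using the sample values from RFC 2617 section 3.5. The function names are hypothetical, and the header is passed in as a string rather than read with getallheaders().

```php
<?php
// Added example: server-side check of an RFC 2617 Digest response (MD5, qop=auth).

// Split the Authorization header value into its key=value / key="value" pairs.
function parse_digest_header(string $header): array
{
    $params = [];
    if (stripos($header, 'Digest ') !== 0) {
        return $params;
    }
    preg_match_all('/(\w+)=(?:"([^"]*)"|([^\s,]+))/', substr($header, 7), $m, PREG_SET_ORDER);
    foreach ($m as $pair) {
        $params[$pair[1]] = ($pair[2] !== '') ? $pair[2] : ($pair[3] ?? '');
    }
    return $params;
}

// Recompute the hash the browser should have sent and compare in constant time.
function digest_response_is_valid(array $p, string $method, string $password, string $issuedNonce): bool
{
    foreach (['username', 'realm', 'nonce', 'uri', 'qop', 'nc', 'cnonce', 'response'] as $key) {
        if (!isset($p[$key])) {
            return false;
        }
    }
    // Only accept the nonce ("seed") this server handed out, and only qop=auth.
    if ($p['qop'] !== 'auth' || !hash_equals($issuedNonce, $p['nonce'])) {
        return false;
    }
    $ha1 = md5("{$p['username']}:{$p['realm']}:{$password}");
    $ha2 = md5("{$method}:{$p['uri']}");
    $expected = md5("{$ha1}:{$p['nonce']}:{$p['nc']}:{$p['cnonce']}:{$p['qop']}:{$ha2}");
    return hash_equals($expected, strtolower($p['response']));
}

// Sample values from RFC 2617 section 3.5 (user "Mufasa", password "Circle Of Life").
$nonce  = 'dcd98b7102dd2f0e8b11d0f600bfb0c093';
$header = 'Digest username="Mufasa", realm="testrealm@host.com", '
        . 'nonce="' . $nonce . '", uri="/dir/index.html", qop=auth, nc=00000001, '
        . 'cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", '
        . 'opaque="5ccc069c403ebaf9f0171e9517f40e41"';
$params = parse_digest_header($header);

var_dump(digest_response_is_valid($params, 'GET', 'Circle Of Life', $nonce));
var_dump(digest_response_is_valid($params, 'GET', 'wrong password', $nonce));
```

A real deployment would also record the nc counter per nonce to reject replayed requests and confirm that uri matches the path actually requested; both checks are left out here.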
