Holmes151

One-user databaseless CMS authentication

@Holmes151

Posted in: #Authentication #Cms #Htaccess #Php #Users

Background: My client needs a one-user bare-bones content management system, which should be able to:

- Edit text content in plain text or in WYSIWYG style
- Possibly create new subpages
- Update the image gallery, i.e. upload files
- Delete previously uploaded files


No need for commenting or such interaction.

Requirements:


- PHP
- JavaScript
- No database


Currently I'm planning to code it from scratch, since the functionalities are somewhat basic.

What is the best available authentication method for this lone content admin? Options that came to my mind first:


1. .htaccess & .htpasswd based solution
2. Hard-coded, salted, encrypted PHP password with sessions.


While option 2 is definitely more elegant, I wish option 1 would suffice. The username & password combo would be located outside the public_html / www folder structure.



Real question: Is .htaccess & .htpasswd authentication sufficient? Is it adequate security-wise? What are the possible pitfalls? (Okay, logout is one rather major pitfall, since it's practically impossible to implement due to the stateless HTTP/1.1 specification...)

Bonus question 1: What are the other good options that I didn't think of? Out of the box ideas are always welcome. Email-editing? Why not :-)

Bonus question 2: Are there similar databaseless CMSes readily available?

Please bear in mind there is no need for more users or user management. I'm not asking for programming tips but rather for concepts of how it could be done.



RFC 2617, which I found through Piers' link below, answers most of my real question.


@Correia994

If there's only one user, then some sort of HTTP authentication will be fine. I would suggest using Digest rather than Basic authentication. I know you weren't looking for programming tips, but you could probably save yourself a fair bit of time by reading this.

A couple of database-less CMSes are as follows:


- CMS From Scratch
- gpEasy (there's a howto install here)
- PHP Nanomus
- RazorCMS

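What the Basic-versus-Digest suggestion in the answer means on the wire, as an added example that is not part of the original question or answer: a Basic header decodes straight back to the password, while a Digest response is checked against an htdigest-style `user:realm:HA1` line without the password being sent. It goes beyond the thread by showing the server-side check; the sample values are the example from RFC 2617 section 3.5, and the function and constant names are this example's own.

```python
import base64
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def basic_credentials(header_value):
    """Basic auth: base64 is an encoding, so the password is recoverable."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

def verify_digest(htdigest_line, method, fields, nonce_issued):
    """Check an RFC 2617 qop=auth response against a user:realm:HA1 line."""
    user, realm, ha1 = htdigest_line.strip().split(":")
    required = ("username", "realm", "nonce", "uri", "nc", "cnonce", "qop", "response")
    if any(key not in fields for key in required):
        return False
    if fields["username"] != user or fields["realm"] != realm:
        return False
    # Only accept the nonce this server handed out, and only qop=auth.
    if fields["nonce"] != nonce_issued or fields["qop"] != "auth":
        return False
    ha2 = md5_hex(method + ":" + fields["uri"])
    expected = md5_hex(":".join(
        [ha1, fields["nonce"], fields["nc"], fields["cnonce"], fields["qop"], ha2]))
    return hmac.compare_digest(expected, fields["response"])

# Sample values from the RFC 2617 section 3.5 example.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
# What the server stores: HA1 = MD5(user:realm:password), never the password.
HTDIGEST_LINE = ":".join([USER, REALM, md5_hex(":".join([USER, REALM, PASSWORD]))])
# What a browser sends for Basic: the password itself, base64-encoded.
BASIC_HEADER = "Basic " + base64.b64encode((USER + ":" + PASSWORD).encode()).decode()
# What a browser sends for Digest: a hash bound to nonce, method and URI.
DIGEST_FIELDS = {
    "username": USER, "realm": REALM, "nonce": NONCE, "uri": "/dir/index.html",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    print("Basic reveals:", basic_credentials(BASIC_HEADER))
    print("Digest valid:", verify_digest(HTDIGEST_LINE, "GET", DIGEST_FIELDS, NONCE))
```

The stored HA1 is all that is needed to compute a valid response, so the htdigest file needs the same protection as a password file, which fits the question's plan to keep credentials outside the web root.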