: One-user databaseless CMS authentication Background: My client needs a one-user bare-bones content management system, which should be capable to Edit text-content in plain-text or in WYSIWYG-style
Background: My client needs a one-user bare-bones content management system, which should be capable to
Edit text-content in plain-text or in WYSIWYG-style
Possibly create new subpages
Update image gallery, ie. upload files
Delete previously uploaded files
No need for commenting or such interaction.
Requirements:
PHP
JavaScript
No database
Currently I'm planning to code it from scratch, since the functionalities are somewhat basic.
What is the best available authentication method for this lone content admin? Options that came to my mind first:
.htaccess & .htpasswd based solution
hard-coded, salted, encrypted PHP password with sessions.
While option 2 is definitely more elegant, I wish the option 1 would suffice. The username & password combo would be located outside the public_html / www -folder structure.
Real question: Is .htaccess & .htpasswd authentication sufficient? Is it adequate security-wise? What are the possible pitfalls? (Okay, logout is one rather major pitfall, since it's practically impossible to implement due to stateless HTTP/1.1 specification...)
Bonus question 1: What are the other good options that I didn't think of? Out of the box ideas are always welcome. Email-editing? Why not :-)
Bonus question 2: Are there similar databaseless CMSes readily available?
Please bear in mind there is no need for more users nor user-management. I'm not asking programming tips but rather concepts how it could be done.
The RFC 2617, which I found through Piers' link below, answers the most of my real question
More posts by @Holmes151
1 Comments
Sorted by latest first Latest Oldest Best
If there's only one user, then some sort of HTTP authentication will be fine. I would suggest using Digest rather than Basic authentication. I know you weren't looking for programming tips, but you could probably save yourself a fair bit of time by reading this.
A couple of database-less CMSes are as follows:
CMS From Scratch
gpEasy (there's a howto install here)
PHP Nanomus
RazorCMS
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.