• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Website Authentication

F

fishdiggy

n00b
Joined
Apr 28, 2005
Messages
17
I'm the webmaster for my fraternity. We have a small chapter, at a relatively small school. We're wanting to put a section on our website where users would have to login (so we could put private documents, etc.). From what I've been reading, this can only be done through the use of a database. Unfortunately, our school webserver does not support any sort of database interaction. My question is this: is there a secure way to do authentication WITHOUT a database, or am I going to need to look into hosting our site elsewhere?
 
Depends on the relative security concerns. You might, for instance, be able to use Apache Basic Authentication, which basically puts all usernames/passwords in a non-servable text file. The danger is that said file is still sitting, unencrypted, on the file server.

The next step would be a custom solution where you use an encrypted non-servable text file as a DB, but it's not likely (at a guess) that your environment will support it.

I'd say aim for Option 1 and consult with your school's tech office on what provisions they can make for a situation like yours.
 
Basic auth can be done with encrypted passwords in the on disk file, in fact htpasswd gives you the option to pick a cipher of your chosing.
 
You must log in or register to reply here.
Back
Top