Authentication and Security

There are many database applications in which restrictions need to be applied to control user access. Some applications deal with sensitive information such as bank account details, while others provide information or services only to paying customers.

These applications need to authenticate and authorize user requests, typically by collecting a username and password, and checking these against a list of valid users. As well as authenticating those who have access to a service, web applications often need to protect the data that is transmitted over the Internet from those who shouldn't see it.

In this chapter we discuss the techniques used to build web database applications that authenticate, authorize, and protect the data that is transmitted over the Web. The topics covered in this chapter include:

  • How HTTP authentication works and how it can be used with Apache and PHP
  • Writing PHP scripts to manage user authentication and authorization
  • Writing PHP scripts that authenticate users against a table in a database
  • The practical aspects of building session-based web database applications to authenticate users, including techniques that don't use HTTP authentication
  • A case study example that develops an authentication framework, demonstrating many of the techniques presented in this chapter
  • The features of the encryption services provided by the Secure Sockets Layer